China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks
China-linked Red Menshen APT group used stealthy BPFDoor implants in telecom networks to spy on government targets. Rapid7 Labs uncovered a China-linked threat group known as Red Menshen has been running a long-term espionage campaign by infiltrating telecom networks, mainly in the Middle East and Asia. Active since at least 2021, the group uses highly […]
Rapid7 Labs uncovered a China-linked threat group known as Red Menshen has been running a long-term espionage campaign by infiltrating telecom networks, mainly in the Middle East and Asia. Active since at least 2021, the group uses highly stealthy BPFDoor implants to maintain hidden access inside critical infrastructure.
This strategic positioning allows attackers to quietly monitor and potentially spy on government communications. Researchers describe these implants as extremely hard to detect, acting like “digital sleeper cells” embedded deep within telecom environments for prolonged surveillance.
Related breach coverage
- Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics2026-04-08
APT28 targets Ukraine and allies with PRISMEX malware, using stealthy techniques for espionage and command-and-control. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is running a spear-phishing campaign against Ukraine and its allies, deploying a new malware suite called PRISMEX. Active since September 2025, the campaign uses advanced stealth techniques like steganography and […]
- China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware2026-01-09
China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational […]
- New China-linked hacker group spies on governments in Southeast Asia, Japan2025-12-18
The group, LongNosedGoblin, has been active since at least September 2023 and was uncovered after researchers detected new malware strains inside the network of a Southeast Asian government last year.
- CL-STA-1087 targets military capabilities since 20202026-03-17
China-linked APT group CL-STA-1087 has targeted Southeast Asian militaries since 2020 using AppleChris and MemFun. A suspected China-linked espionage campaign, tracked as CL-STA-1087, has targeted Southeast Asian military organizations since at least 2020, using AppleChris and MemFun malware. “The activity demonstrated strategic operational patience and a focus on highly targeted intelligence collection, rather than bulk […]