Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure
The state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage. The post Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure appeared first on SecurityWeek.
A China-linked state-sponsored threat actor has deployed kernel implants and passive backdoors deep within telecommunication backbone infrastructure worldwide for long-term persistence, Rapid7 reports.
The stealth digital sleeper cells have not been attributed to any known APT but are meant for high-level espionage, including against government networks, the cybersecurity firm says.
The persistent tools were deployed as part of apparent discreet breaches that are characterized by recurring elements, suggesting an ongoing operation aimed at “embedding stealthy access mechanisms deep inside telecom and critical environments” for extended access.
Source: https://www.securityweek.com/chinese-hackers-caught-deep-within-telecom-backbone-infrastructure/
Related breach coverage
- Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign (2025-11-14)
A state-sponsored threat actor manipulated Claude Code to execute cyberattacks on roughly 30 organizations worldwide.
- China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation (2026-03-16)
The state-sponsored hackers deployed custom tools and stayed dormant in the compromised environments for months.
- Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit (2025-12-30)
The threat actor uses a signed driver file containing two user-mode shellcodes to execute its ToneShell backdoor.
- Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks (2025-12-16)
After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices.
