Breaking 17:45 Benabdallah critiques government action and outlines PPS alternative 17:30 Netanyahu orders xepansion of security buffer zone in Southern Lebanon 17:15 Rabat ranks among top emerging cities in Global Attractiveness Index 17:00 Morocco under HM King Mohammed VI reinforces Solidarity with Arab Nations 16:45 Former Egyptian Foreign Minister Nabil Fahmy appointed head of Arab League 16:31 The XI of the Week: from Madrid to Malabo, a roadmap toward continental and global leadership 16:30 Tottenham Hotspur interim manager Tudor departs after string of defeats 16:15 Prophet’s Sirah and Islamic Civilization Museum welcomes 10 million visitors, ICESCO reports 16:00 F'murr's comic legacy celebrated in Strasbourg exhibition 15:45 Indian banks request three-month window to comply with new FX limits 15:30 India relaxes kerosene regulations to address energy supply disruptions 15:15 MPS proposes CEO change to strengthen governance and internal cooperation 15:00 Bahrain bans night navigation amid rising tensions with Iran 14:45 Ukraine’s President Zelensky arrives in Jordan to strengthen Gulf ties 14:30 Humpback whale “Timmy” struggles to escape shallow waters off Germany 14:15 Swiss public supports stricter social media rules for minors, survey shows 14:00 Moroccan filmmaker Manal Chahboun competes in the first Walloon Film Festival 13:45 Morocco’s textile industry holds ground in Europe amid rising Asian competition 13:30 Nightclub fire near Strasbourg forces evacuation of 750 people in Kehl 13:15 Teen in custody after fatal incident near the Promenade des Anglais in Nice 13:00 Israel blocks Latin Patriarch of Jerusalem from celebrating Palm Sunday mass for the first time in centuries 11:27 Pentagon prepares for potential ground operations in Iran amid rising tensions 11:22 UAE targeted by missile and drone attacks, defense ministry says 11:06 Three killed and dozens injured in building fire in northern China 11:01 Journalists must never be targeted in conflicts, says France amid Lebanon tensions 10:48 Ethiopia secures $13 billion in investment deals to boost key sectors 10:27 Suspicious trades linked to Trump policy shifts raise calls for closer scrutiny 10:08 WTO talks stall as U.S.-India divide over e-commerce duties persists 09:50 Paris attack foiled near bank of america, two more suspects arrested 09:18 Casablanca to host 15th heritage days under the theme “casablanca atlantique” 08:51 Morocco faces economic pressure amid Hormuz Strait tensions 08:37 Algeria mourns former president Liamine Zeroual 08:18 France seeks buyer for ‘60 millions de consommateurs’ after institute liquidation 08:06 Rima hassan barred from entering canada, denounces ‘attempted censorship’ 07:28 Mexican protesters turn highway into football pitch to denounce World Cup impact 07:14 Driver arrested after pedestrians struck in derby, several seriously injured

Rapid7 uncovers Chinese 'dormant cells' in telecom networks

Friday 27 - 09:20
By: Dakir Madiha
Rapid7 uncovers Chinese 'dormant cells' in telecom networks

Rapid7 detailed Thursday how a China-linked threat actor, Red Menshen, planted stealthy BPFdoor backdoors in global telecom networks using Linux kernel-level malware. First revealed in 2022, BPFdoor leverages Berkeley Packet Filter technology to passively monitor network packets without opening ports or signaling activity, evading standard endpoint detection tools. Presented at RSAC 2026 in San Francisco, the findings show a new variant hiding command triggers in encrypted HTTPS traffic via SSL endpoints like load balancers and proxies.

The malware targets telecom-specific protocols such as SCTP, enabling subscriber activity surveillance, location tracking and identity data collection on 4G and 5G networks. This marks a shift from opportunistic hacks to deliberate long-term prepositioning, with implants mimicking legitimate infrastructure services. Rapid7 released a free open-source detection script for organizations to scan for BPFdoor remnants.

In a related Linux threat, Check Point Research exposed VoidLink earlier this year—a cloud-native malware framework built primarily with AI assistance, likely by a single developer using the TRAE AI-centric IDE to produce over 88,000 lines of functional code in under a week. First spotted in December 2025, it auto-profiles targets and deploys tailored rootkits: eBPF on 6.x kernels, hybrid eBPF-LKM on 5.x, and remotely compiled loadable modules on older versions.

Sysdig analysis found VoidLink's command-and-control server compiles victim-specific rootkits on demand—a novel wild technique. Both threats exploit expanding Linux use in cloud platforms, container orchestration and telecom infrastructure. Ericsson warned last year that BPFdoor persists in Kubernetes environments at the node level even after pod restarts, while VoidLink probes cloud metadata APIs and enumerates Kubernetes and Docker setups for misconfigurations and privilege escalations.

Keywords:



Latest News
  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

Newsletter

Subscribe now to the Walaw website newsletter to receive all the latest updates

Email address

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.