The stealthy rootkit-like malware known as BPFDoor (detected as Backdoor.Linux.BPFDOOR) is a backdoor with strong stealth capabilities, most of them related to its use of Berkeley Packet Filtering (BPF). In a previous article, Trend Micro researchers covered how BPFDoor and BPF-enabled malware work.
BPFDoor has been active for at least four years, with a report by PwC mentioning multiple incidents involving it in 2021. The same report also attributed the backdoor to Red Menshen. The said advanced persistent threat (APT) group, which Trend Micro tracks as Earth Bluecrow, is still actively targeting companies in the Asia, Middle East, and Africa (AMEA) region according to their telemetry.
Read more…
Source: Trend Micro
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Ivanti Endpoint Manager Mobile exploit chain exploited in the wild
May 16, 2025
On May 13, 2025, Ivanti disclosed an exploited in the wild exploit chain, comprising of two new vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM): CVE-2025-4427 and CVE-2025-4428. Ivanti EPMM is an enterprise-focused software suite for IT teams to manage mobile devices, applications, and content. CVE-2025-4427 is an authentication bypass vulnerability with a CVSS rating of 5.3 ...
- CrazyHunter Campaign Targets Taiwanese Critical Sectors
May 16, 2025
CrazyHunter has quickly emerged as a serious ransomware threat. The group made their introduction in the past month with the opening of their data leak site where they posted ten victims – all located from Taiwan. Trend Micro researchers have followed some of their operations through internal monitoring since the start of January and have witnessed ...
- Threat landscape for industrial automation systems in Q1 2025
May 15, 2025
Relative stability from quarter to quarter. The percentage of ICS computers on which malicious objects were blocked remained unchanged from Q4 2024 at 21.9%. Over the last three quarters, the value has ranged from 22.0% to 21.9%. The quarterly figures are decreasing from year to year. Since Q2 2023, the percentage of ICS computers on which ...
- Senior US Officials Impersonated in Malicious Messaging Campaign
May 15, 2025
FBI is issuing this announcement to warn and provide mitigation tips to the public about an ongoing malicious text and voice messaging campaign. Since April 2025, malicious actors have impersonated senior US officials to target individuals, many of whom are current or former senior US federal or state government officials and their contacts. If you receive ...
- Fashion giant Dior confirms customer data accessed in cyber attack
May 15, 2025
Luxury French fashion brand Dior is the latest high-profile retail firm to be hit by a cyber attack. In a statement, Dior said customer data was accessed as a result, however, no financial information was impacted. The incident comes in the wake of a number of UK retailers, including Marks and Spencer and Co-op, being hit ...
- Coinbase warns of $400m hit after data breach
May 15, 2025
Crypto exchange Coinbase has disclosed a significant cyber attack that could cost the company between $180m (£135m) and $400m (£300m), after hackers breached account data belonging to a “small subset” of its users. The news sent shares down three per cent in pre-market trading on Thursday. Coinbase said it received an email from an unknown threat ...