The stealthy rootkit-like malware known as BPFDoor (detected as Backdoor.Linux.BPFDOOR) is a backdoor with strong stealth capabilities, most of them related to its use of Berkeley Packet Filtering (BPF). In a previous article, Trend Micro researchers covered how BPFDoor and BPF-enabled malware work.
BPFDoor has been active for at least four years, with a report by PwC mentioning multiple incidents involving it in 2021. The same report also attributed the backdoor to Red Menshen. The said advanced persistent threat (APT) group, which Trend Micro tracks as Earth Bluecrow, is still actively targeting companies in the Asia, Middle East, and Africa (AMEA) region according to their telemetry.
Read more…
Source: Trend Micro
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!
July 17, 2017
A highly critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time in this year, which could allow attackers to remotely execute malicious code on a victim’s computer. Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help ...
- NSA Advocates Data Sharing Framework
June 23, 2017
The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...