Chinese Hackers STILL Deep inside US Telecoms
A China-linked state-sponsored threat actor has deployed kernel implants and passive backdoors deep within telecommunication backbone infrastructure worldwide for long-term persistence, Rapid7 reports.
These stealthy “sleeper cells” have not been positively attributed, but Rapid7 says that they are Chinese.
The “implants” are built to be both persistent and discreet, meaning they are intended for long-term access to our telecom and other critical infrastructure.
Rapid7 says that these implants form a persistent access layer designed not simply to breach networks, but to inhabit them.
If that doesn’t scare you, it certainly should.
Rapid7 says that the attackers targeted Ivanti, Cisco, Fortinet, VMware, and Palo Alto Networks, along with Apache Struts and other web platforms.
Rather than targeting one server at a time, these attacks go after the underlying infrastructure.
While we had a big scare in 2024 with Salt Typhoon, it seems that this story is not over and the exorcism is neither easy nor complete.
Credit: SecurityWeek
