A China-linked advanced persistent threat group, Red Menshen, has been conducting a long-term espionage campaign by infiltrating telecom networks, primarily in the Middle East and Asia, since at least 2021. The group utilizes highly stealthy BPFDoor implants to maintain covert access within critical infrastructure, enabling them to discreetly monitor and potentially spy on government communications. This strategic positioning allows the attackers to remain hidden while gathering sensitive information. The use of BPFDoor implants suggests a high degree of sophistication, as they can evade detection and persist on compromised systems [1]. The involvement of a state-aligned threat actor like Red Menshen shifts the threat model from traditional criminal activity to geopolitically motivated operations, requiring a distinct approach to mitigation and response. This campaign's focus on telecom networks underscores the need for heightened security measures to protect critical infrastructure from nation-state threats.