The Ministry of Science and ICT found similarities between BPFdoor malware attacks on SK Telecom and KT, but said it is difficult to confirm the same perpetrator; additional illegal femtocell intrusions are deemed unlikely after new security measures.
#YonhapInfomax #BPFdoor #KTCorp #SKTelecom #Cyberattack #FemtocellSecurity #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=97540
Ministry of Science and ICT Says 'SKT and KT BPFdoor Attacks Show Similarities—Difficult to Conclude Same Perpetrator' (Comprehensive Update 2)

Yonhap Infomax
South Korea's Ministry of Science and ICT found similarities between BPFdoor malware attacks on SK Telecom and KT, but said it is difficult to confirm the same perpetrator, citing open-source risks and lack of official attribution.
#YonhapInfomax #BPFdoor #SKTelecom #KT #Cyberattack #MinistryOfScienceAndICT #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=97533
Ministry of Science and ICT Says 'SKT and KT BPFdoor Attacks Show Similarities—Difficult to Conclude Same Perpetrator' (Comprehensive)

Yonhap Infomax

27 million subscribers at risk: a breakdown of the largest cyberattack on a Korean telecom

What does it take to compromise the data of 27 million subscribers, crash the shares of a telecom giant, and put at risk the national security of one of the most technologically advanced countries in the world? A fresh zero-day? A quantum computer? Brilliant social engineering? Just a web shell, almost three years of criminal negligence, and one cunning backdoor. From June 2022 onward, unknown attackers had free run of the critical infrastructure of Korea's largest mobile operator. Below the cut, we break down this high-profile story.

https://habr.com/ru/companies/bastion/articles/930716/

#attack #cybersecurity #telecom #smartphones #cellular_communications #information_security #it_systems_testing #BPFDoor #backdoor

Habr

BPFDoor Malware Uses Reverse Shell to Expand Control Over Compromised Networks
https://gbhackers.com/bpfdoor-malware/

#Infosec #Security #Cybersecurity #CeptBiro #BPFDoor #Malware #ReverseShell #CompromisedNetworks

A new wave of cyber espionage attacks has brought BPFDoor malware into the spotlight as a stealthy and dangerous tool for compromising networks.

GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Stealthy and persistent: #BPFdoor is back, slipping past defenses with almost no trace. Learn how this elusive Linux backdoor hides in plain sight and what it means for enterprise security. Full analysis by @TrendMicrod: https://www.trendmicro.com/en_us/research/25/d/bpfdoor-hidden-controller.html
BPFDoor's Hidden Controller Used Against Asia, Middle East Targets

A controller linked to the BPFDoor backdoor can open a reverse shell, enabling deeper infiltration into compromised networks. Recent attacks have been observed targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt.

Trend Micro
Past week I worked on two new events for kunai: clone (i.e. fork) events and BPF socket filter events (when a filter program is attached to a socket #bpfdoor). Those will both be part of the next release and will be documented there https://why.kunai.rocks. Maybe I'll include other new events! If you have ideas about events you'd like to monitor on #linux, now is the time to tell me. Maybe it'll get a chance to be included before the next release!
#dfir #threathunting
Bring your Linux Threat-Hunting capabilities to the next level | Kunai

While running kunai against a #bpfdoor #malware sample I noticed it did not catch the BPF filter attached to the socket... This is a great opportunity for new feature development! Here is what the event will look like. Stay tuned: https://github.com/0xrawsec/kunai
#threathunting #dfir
GitHub - 0xrawsec/kunai: Threat-hunting tool for Linux

Threat-hunting tool for Linux. Contribute to 0xrawsec/kunai development by creating an account on GitHub.

GitHub
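The two posts above are about catching the moment a BPF filter program is attached to a socket. As an added example, not code from kunai, from the Trend Micro write-up or from any BPFDoor sample, the block below builds such a classic-BPF socket filter, attaches it with setsockopt(SO_ATTACH_FILTER), and checks it offline with a small interpreter against constructed datagrams. The magic word 0x5a4d ("ZM") at payload offset 0, the choice of a UDP socket, and the helper names (attach_magic_filter, run_cbpf, build_datagram, filter_passes) are assumptions made for this example.

```c
/* Added example, not code from kunai or from any BPFDoor sample: a classic-BPF
 * socket filter attached to an ordinary UDP socket with
 * setsockopt(SO_ATTACH_FILTER). The kernel then delivers only datagrams whose
 * payload begins with a magic word; everything else is dropped before user
 * space ever sees it, so the listening socket stays quiet.
 * Assumptions (illustrative, not from the page): magic word 0x5a4d ("ZM") at
 * payload offset 0; a UDP socket, for which the kernel runs the filter over the
 * datagram starting at the 8-byte UDP header, so payload offset 0 is filter
 * offset 8. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/filter.h>

#ifndef SO_ATTACH_FILTER
#define SO_ATTACH_FILTER 26
#endif

#define UDP_HDR_LEN 8        /* filter offset where the UDP payload starts */
#define MAGIC_WORD  0x5a4d   /* assumed magic marker, big-endian on the wire */
#define KEEP_ALL    0xffff   /* cBPF return value: pass the whole packet */

/* The filter program: load payload[0..1] as a big-endian halfword, compare it
 * to the magic word, accept on match, drop otherwise. */
static struct sock_filter magic_prog[] = {
    BPF_STMT(BPF_LD  | BPF_H   | BPF_ABS, UDP_HDR_LEN),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,   MAGIC_WORD, 0, 1),
    BPF_STMT(BPF_RET | BPF_K,             KEEP_ALL),
    BPF_STMT(BPF_RET | BPF_K,             0),
};
#define MAGIC_PROG_LEN (sizeof(magic_prog) / sizeof(magic_prog[0]))

/* Attach the filter to fd. Returns 0 on success, -1 (errno set) on failure.
 * This setsockopt call is the event a socket-filter monitor would record. */
int attach_magic_filter(int fd)
{
    struct sock_fprog fprog = { .len = MAGIC_PROG_LEN, .filter = magic_prog };
    return setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &fprog, sizeof(fprog));
}

/* Minimal classic-BPF interpreter covering only the opcodes used above, so the
 * program can be checked offline against constructed packets. As in the kernel,
 * a load past the end of the packet drops it (returns 0). */
uint32_t run_cbpf(const struct sock_filter *prog, size_t n,
                  const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *in = &prog[pc];
        uint32_t k = in->k;
        switch (in->code) {
        case BPF_LD | BPF_H | BPF_ABS:
            if (k + 2 > len) return 0;
            a = ((uint32_t)pkt[k] << 8) | pkt[k + 1];
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (a == k) ? in->jt : in->jf;   /* offsets are relative to the next insn */
            break;
        case BPF_RET | BPF_K:
            return k;
        default:
            return 0;   /* opcode not modelled here: treat as drop */
        }
    }
    return 0;           /* fell off the end; the kernel rejects such programs */
}

/* Build a constructed datagram as the filter sees it: 8 zero bytes standing in
 * for the UDP header, then the payload. Returns the total length, 0 if too big. */
size_t build_datagram(uint8_t *buf, size_t cap, const char *payload)
{
    size_t plen = strlen(payload);
    if (UDP_HDR_LEN + plen > cap) return 0;
    memset(buf, 0, UDP_HDR_LEN);
    memcpy(buf + UDP_HDR_LEN, payload, plen);
    return UDP_HDR_LEN + plen;
}

/* 1 if the filter would hand this datagram to the socket, 0 if it would drop it. */
int filter_passes(const char *payload)
{
    uint8_t buf[256];
    size_t len = build_datagram(buf, sizeof buf, payload);
    return run_cbpf(magic_prog, MAGIC_PROG_LEN, buf, len) != 0;
}

int main(void)
{
    printf("\"ZM-wake\" passes: %d\n", filter_passes("ZM-wake"));
    printf("\"hello\"   passes: %d\n", filter_passes("hello"));

    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) { perror("socket"); return 1; }
    if (attach_magic_filter(fd) != 0) {
        perror("setsockopt(SO_ATTACH_FILTER)");
        close(fd);
        return 1;
    }
    printf("filter attached to fd %d; only magic datagrams will be delivered\n", fd);
    close(fd);
    return 0;
}
```

Build with `cc -Wall example.c`. Attaching the filter needs no special privilege on a socket the process already owns, which is why the setsockopt call itself, rather than an open port or a visible listener, is the useful signal for a host monitor to record.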