Chinese-linked cyber-espionage campaign targets telecoms with Linux and Windows malware.

Chinese-linked cyber-espionage campaign targets telecoms with Linux and Windows malware.
Researchers disclosed details of a campaign using Linux malware called Showboat and Windows malware called JFMBackdoor against telecommunications targets. Reporting links the activity to Calypso, also tracked as Red Lamassu, and says the operation has been active since at least mid-2022 across parts of Asia-Pacific and the Middle East. Showboat can collect host information, hide processes, upload/download files, and act as a SOCKS5 proxy for internal network movement. JFMBackdoor provides remote shell access, file operations, proxying, screenshot capture, registry manipulation, and anti-forensics features.