{"id":251539,"date":"2026-05-21T10:00:00","date_gmt":"2026-05-21T14:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/21\/chinese-hackers-target-telcos-with-new-linux-windows-malware\/"},"modified":"2026-05-21T12:25:08","modified_gmt":"2026-05-21T16:25:08","slug":"chinese-hackers-target-telcos-with-new-linux-windows-malware","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/21\/chinese-hackers-target-telcos-with-new-linux-windows-malware\/","title":{"rendered":"Chinese hackers target telcos with new Linux, Windows malware"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/chinese-hackers-target-telcos-with-new-linux-windows-malware\/\">Chinese hackers target telcos with new Linux, Windows malware<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/chinese-hackers-target-telcos-with-new-linux-windows-malware\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/chinese-hackers-target-telcos-with-new-linux-windows-malware\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-21 10:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively.<\/p>\n<p>The operation has been active since at least mid-2022 and targeted organizations across the Asia Pacific and parts of the Middle East. 
It was attributed to the Calypso threat group, also tracked as Red Lamassu.<\/p>\n<p>According to researchers at Lumen&#8217;s Black Lotus Labs and PwC Threat Intelligence, the threat actor set up and used multiple telecom-themed domains to impersonate their targets.<\/p>\n<h3>The Showboat Linux malware<\/h3>\n<p>The Linux implant Calypso uses in these attacks, dubbed Showboat\/kworker, is a modular post-exploitation framework built for long-term persistence after initial compromise. The initial infection vector is unknown.<\/p>\n<p>According to a report today from Black Lotus Labs, once Showboat is deployed on a target system, it starts collecting information about the host and sends it to a command-and-control (C2) server.<\/p>\n<p>The malware can also upload or download files, hide its own process, and establish persistence via a new service.<\/p>\n<p>\u201cOne notable feature is the &#8216;hide&#8217; command, which enables a process to conceal itself on a host machine by retrieving code stored on external websites such as Pastebin or online forums for use as a \u2018dead drop\u2019,\u201d Lumen&#8217;s Black Lotus Labs researchers explain.<\/p>\n<p><img decoding=\"async\" alt=\"Pastebin page used in the attacks\" height=\"525\" src=\"https:\/\/www.bleepstatic.com\/images\/news\/u\/1220909\/2026\/May\/pastebit.jpg\" width=\"871\"\/><strong>Pastebin page used in the attacks<\/strong><br \/>Source: Lumen<\/p>\n<p>Its most notable function is acting as a SOCKS5 proxy and port-forwarding pivot point, serving as a foothold on compromised endpoints and enabling the attackers to move to other systems on the internal network.<\/p>\n<p><img decoding=\"async\" alt=\"SOCKS5 and portmap functionality\" height=\"600\" src=\"https:\/\/www.bleepstatic.com\/images\/news\/u\/1220909\/2026\/May\/socksportmap.jpg\" width=\"727\"\/><strong>SOCKS5 and portmap functionality<\/strong><br \/>Source: Lumen<\/p>\n<h3>The JMFBackdoor Windows malware<\/h3>\n<p>Researchers at PwC Threat 
Intelligence analyzed Red Lamassu&#8217;s infection chain on Windows and noted that it starts with the execution of a batch script that drops payloads to stage a DLL-sideloading procedure (fltMC.exe + FLTLIB.dll). Ultimately, the&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/chinese-hackers-target-telcos-with-new-linux-windows-malware\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chinese hackers target telcos with new Linux, Windows malware https:\/\/www.bleepingcomputer.com\/news\/security\/chinese-hackers-target-telcos-with-new-linux-windows-malware\/ Publish Date: 2026-05-21 10:00:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":251540,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2026\/04\/23\/China.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[71,32,57,34],"class_list":["post-251539","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-linux","tag-malware","tag-security","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251539"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=251539"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251539\/revisions"}],"predecessor-version":[{"id":251541,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251539\/revisions\/251541"}],"wp:featuredmedia":[{"embeddable":true,"href":"http
s:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/251540"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=251539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=251539"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=251539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}