BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets www.trendmicro.com/en_us/res…

BPFDoor is a state-sponsored backdoor designed for cyberespionage activities. Through our investigation of BPFDoor attacks, we unearthed a controller that hasn’t been observed being used anywhere else. We attribute this controller to Red Menshen, an advanced persistent threat (APT) group that Trend Micro tracks as Earth Bluecrow.

The controller could open a reverse shell. This could allow lateral movement, letting attackers move deeper into compromised networks to control more systems or gain access to sensitive data.
