Increasingly stealthy compromise of major telecommunication networks has been enabled by seven new variants of the BPFDoor malware, which have gained stateless command-and-control routing capabilities, according to GBHackers News. Most critical of the novel BPFDoor versions are httpShell, which conceals C2 inside HTTP traffic by having the BPF logic watch for specific magic markers in the inner packets, and icmpShell, which opens an interactive shell that evades static firewall rules and also supports bidirectional ICMP tunnels, RC4 encryption, and UDP/ICMP hole-punching, findings from a Rapid7 report revealed. Researchers also discovered several other lettered variants of BPFDoor that allow clandestine and resilient compromise of targeted networks, with the "H" variant including an active beacon that performs NTP-themed domain resolution and opens encrypted sessions under the guise of IoT telemetry or time synchronization. Network defenders have been urged to closely monitor for atypical BPF filters on raw sockets and other structural aberrations to prevent potential compromise.
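The triage step behind that last recommendation, as an added example (not code from the Rapid7 or GBHackers reports): enumerate the host's AF_PACKET raw sockets from `/proc/net/packet`, map each socket inode back to its owning process, and flag sockets opened with `SOCK_RAW` and `ETH_P_ALL`, which is how a BPFDoor-style listener sees every frame while waiting for a magic packet. The sample `/proc/net/packet` text is constructed for offline testing; on a live Linux host the script reads the real file.

```python
#!/usr/bin/env python3
"""List AF_PACKET sockets and their owning processes; flag SOCK_RAW/ETH_P_ALL ones.
Added example for triaging BPFDoor-style raw-socket listeners, not vendor code."""
import os
import re

SOCK_RAW = 3        # socket type column value for SOCK_RAW
ETH_P_ALL = 0x0003  # protocol column value: receive every Ethernet frame

# Constructed sample of /proc/net/packet (columns: sk RefCnt Type Proto Iface R Rmem User Inode).
SAMPLE_PROC_NET_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a1c2b3c4d00 3      3    0003   2     1 0      0      34567
ffff9a1c2b3c4e00 3      2    0800   3     1 0      0      34999
"""


def parse_proc_net_packet(text):
    """Return one dict per packet socket: type, proto, interface index, inode."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 9:
            continue
        rows.append({"type": int(f[2]), "proto": int(f[3], 16),
                     "iface": int(f[4]), "inode": int(f[8])})
    return rows


def is_suspect(sock):
    """SOCK_RAW + ETH_P_ALL sees all traffic on the interface: expected from packet
    capture tools, rarely from anything else, so every owner should be explainable."""
    return sock["type"] == SOCK_RAW and sock["proto"] == ETH_P_ALL


def find_socket_owners(inodes, proc="/proc"):
    """Map socket inode -> set of (pid, comm) by resolving socket:[inode] fd links."""
    owners = {i: set() for i in inodes}
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(os.path.join(fd_dir, fd)))
                if m and int(m.group(1)) in owners:
                    with open(os.path.join(proc, pid, "comm")) as fh:
                        owners[int(m.group(1))].add((int(pid), fh.read().strip()))
        except OSError:   # process exited, or fd listing needs root
            continue
    return owners


if __name__ == "__main__":
    with open("/proc/net/packet") as fh:
        socks = parse_proc_net_packet(fh.read())
    owners = find_socket_owners([s["inode"] for s in socks])
    for s in socks:
        tag = "SUSPECT" if is_suspect(s) else "info"
        print(f"[{tag}] inode={s['inode']} type={s['type']} proto=0x{s['proto']:04x} "
              f"ifindex={s['iface']} owners={sorted(owners[s['inode']]) or 'unknown (run as root)'}")
```

Run as root so the `/proc/<pid>/fd` links of other users' processes resolve; for any flagged socket whose owner is not a known capture tool, dump the attached classic BPF program with `ss -0 -b` and compare it against what that process should legitimately be filtering.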
