A Chinese cyber-espionage campaign attributed to Calypso, also known as Red Lamassu, has been targeting telecommunications providers in Asia Pacific and the Middle East with newly discovered Linux and Windows malware. The operation uses Showboat and JFMBackdoor to enable persistence, espionage, proxying, and internal network movement across compromised systems.
Key points
- Calypso has targeted telecom providers since at least mid-2022.
- Showboat is a modular Linux implant used for persistence and post-exploitation.
- Showboat can hide processes, transfer files, and act as a SOCKS5 proxy.
- JFMBackdoor is a Windows espionage implant delivered through DLL sideloading.
- The campaign uses shared tooling and decentralized infrastructure across multiple clusters.