New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks

Summary: Cybersecurity researchers have discovered a new controller component associated with the BPFDoor backdoor, which has been used in cyber attacks against several sectors in multiple countries. The controller enables lateral movement within compromised networks, potentially opening further access to sensitive data. The analysis attributes the activity to the threat group known as Earth Bluecrow and highlights how BPFDoor's design supports stealthy, long-term operations.

Affected: Telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt

Key points:

  • BPFDoor creates a persistent covert channel for long-term control of compromised systems.
  • The controller can perform actions such as opening a reverse shell or redirecting connections based on provided commands.
  • Attacks rely on "magic packets" that pass through firewall protections, using a BPF filter on the host to trigger activation.
  • The malware and controller can communicate over an encrypted channel and operate only under specific protocol conditions, which widens the range of ways the implant can be reached.
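Because a BPF-filtered listener of this kind sits on a packet socket and sees traffic before host firewall rules apply, one defensive check is to enumerate every packet socket on a Linux host and find the process that owns it. The script below is an added example and not code from the article or from Trend Micro's analysis; the sample /proc/net/packet text and the fd listing are constructed, and on a live host it reads /proc directly (root is needed to see other users' file descriptors).

```python
import os
import re

# Constructed sample of /proc/net/packet: two packet sockets, one for IPv4 (0800)
# and one for all protocols (0003). Inode is the last column.
SAMPLE_PROC_NET_PACKET = """sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a1c3b2e4000 3      3    0800   2     1 0      0      31337
ffff9a1c3b2e4800 3      3    0003   0     1 0      1000   42
"""

# Constructed sample of /proc/<pid>/fd link targets: pid 4242 holds inode 31337.
SAMPLE_FD_LINKS = {4242: ["socket:[31337]", "/dev/null"], 1: ["/dev/null"]}


def parse_packet_sockets(text):
    """Parse /proc/net/packet into one dict per socket, keyed by the header names."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) == len(header):
            rows.append(dict(zip(header, fields)))
    return rows


def socket_inode_owners(fd_links):
    """Map socket inode -> list of pids whose fd table links to 'socket:[inode]'."""
    owners = {}
    for pid, targets in fd_links.items():
        for target in targets:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(m.group(1), []).append(pid)
    return owners


def read_fd_links():
    """Collect fd link targets for every process under /proc on a live host."""
    result = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        fd_dir = f"/proc/{pid}/fd"
        try:
            result[int(pid)] = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:
            continue  # process exited or fds not readable without root
    return result


def find_packet_socket_holders(packet_text, fd_links):
    """Return (inode, proto, [owner pids]) for each packet socket; empty owners mean no visible holder."""
    owners = socket_inode_owners(fd_links)
    return [(r["Inode"], r["Proto"], owners.get(r["Inode"], [])) for r in parse_packet_sockets(packet_text)]


if __name__ == "__main__":
    with open("/proc/net/packet") as f:
        for inode, proto, pids in find_packet_socket_holders(f.read(), read_fd_links()):
            print(f"packet socket inode={inode} proto=0x{proto} owners={pids or 'not visible'}")
```

Any holder that is not a known capture or monitoring tool is worth a closer look with `ss -0pb`, which also prints the attached BPF filter.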

Source: https://thehackernews.com/2025/04/new-bpfdoor-controller-enables-stealthy.html