Quick and Simple: BPFDoor Explained

BPFDoor isn't new to the cyberattack game - in fact, it's gone undetected for years - but PwC researchers discovered the piece of malware in 2021.
BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit mostly Linux operating systems.
BPFDoor uses BPF "Sniffers" to see all network traffic and find vulnerabilities.
Since IP addresses are what the filters analyze to allow or decline access to packets, BPFDoor could essentially allow any packet to be sent or received.
Once BPFDoor is activated, remote code can be sent through the unfiltered and unblocked passageway.
What Can We Do About It?

In order for BPFDoor to launch, the threat actor would need to upload the malicious binary to a server.
News URL
https://thehackernews.com/2022/06/quick-and-simple-bpfdoor-explained.html