Stealthy GTPDOOR Linux malware targets mobile operator networks
Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks.
The GRX (GPRS Roaming Exchange) is a component of mobile telecommunications that facilitates data roaming services across different geographical areas and networks.
The Serving GPRS Support Node (SGSN), Gateway GPRS Support Node (GGSN), and P-GW are components within a mobile operator's network infrastructure, each serving a different role in mobile communications.
As the SGSN, GGSN, and P-GW networks are more exposed to the public, with IP address ranges listed in public documents, the researcher believes they are the likely target for gaining initial access to the mobile operator's network.
GTPDOOR is a sophisticated backdoor malware tailored for telecommunications networks, leveraging the GPRS Tunnelling Protocol Control Plane for covert command and control communications.
A YARA rule for defenders to detect the GTPDOOR malware has also been provided.