GTPDOOR – Previously Unknown Linux Malware Attack Telecom Networks

5 March 2024

Researchers have discovered a new backdoor named GTPDOOR that targets telecommunication network systems within the closed GRX network, which connects multiple telecommunication network operators. The GRX network is a closed network that connects individual network operators from various telecom companies. Network elements like SGSN, GGSN, P-GW, STP, and DRA need direct connections to the GRX network to route roaming traffic, which typically uses the GTP-C protocol for communication. GTPDOOR is designed to be stealthy and difficult to detect, as it leverages the GTP-C protocol, a legitimate protocol used for communication within mobile networks, to blend in with regular traffic. It can also modify its process name to mimic legitimate system processes and enhance its ability to evade detection.

Source: GBHackers

Date:

5 March 2024

Categorie(s):

NEWS

Tag(s):

Attacks, Cyber Attack, Cyber Security News, Network, Telecoms

F5 shares fall over 9% on disappointing earnings outlook30 April 2024
AT&T, Verizon, Sprint, T-Mobile US fined $200M for selling off people’s location info29 April 2024
Board’s Pivotal Role in Cybersecurity as CISO-CEO Communication Gaps Continue – BSW #34829 April 2024
Meet Silver SAML: Golden SAML in the Cloud – Eric Woodruff – BSW #34829 April 2024
F5 shares fall over 9% on disappointing third quarter guidance29 April 2024