GTPDOOR – Previously Unknown Linux Malware Attacks Telecom Networks

Researchers have discovered a new backdoor named GTPDOOR that targets telecommunication network systems within the GRX network, a closed network that connects individual network operators from various telecom companies. Network elements such as SGSN, GGSN, P-GW, STP, and DRA need direct connections to the GRX network to route roaming traffic, which typically uses the GTP-C protocol for communication.

GTPDOOR is designed to be stealthy and difficult to detect: it leverages GTP-C, a legitimate protocol used for communication within mobile networks, to blend in with regular traffic. It can also modify its process name to mimic legitimate system processes, which further helps it evade detection.

Source: GBHackers

 

