Variants of BPFDoor Deployed in Linux Kernel


The wide adoption of Linux across critical infrastructure, servers, and cloud environments has made it an appealing target for attackers aiming to steal data, disrupt services, or launch broader attacks. Trend Micro researchers have observed one such campaign by the Red Menshen APT group, which used different variants of the BPFDoor backdoor in attacks targeting Linux and cloud servers.

Earlier, the attackers focused on Windows systems. These latest attacks indicate that they are expanding their presence to non-Windows targets.
