5 min read

Your calls, texts, and data travel through networks that attackers have every incentive to control. Researchers now warn that newly identified malware built for both Linux and Windows is raising fresh concerns about long-term cyber-espionage inside telecom infrastructure: the tooling is built for sustained, quiet access rather than quick theft.
These campaigns are part of a broader pattern of alleged state-linked cyber activity aimed at critical communications networks. Security researchers warn that telcos remain high-value targets due to the sensitive data they carry.

Security researchers identified a campaign using two newly discovered malware strains: a Linux-based tool called Showboat and a Windows backdoor known as JFMBackdoor.
These tools are designed to infiltrate telecom networks and maintain persistent access once systems are compromised. The malware enables attackers to collect system data, execute commands, and move within internal networks. The dual-platform design increases the reach and flexibility of the attack.

The activity has reportedly been ongoing since at least mid-2022, suggesting a sustained and coordinated operation rather than a short-term attack. The campaign has targeted telecom providers in regions including Asia-Pacific and the Middle East.
Researchers link the activity to a China-affiliated group tracked as Calypso (also known as Red Lamassu). The long duration highlights the stealth-focused nature of the operation.

Although the initial infection method is still unclear, once inside, the malware establishes a strong foothold in compromised systems. It can create persistence mechanisms, allowing attackers to remain undetected for long periods.
The tools also enable data collection and internal reconnaissance. This makes it easier for attackers to expand deeper into telecom networks over time.

The Linux implant Showboat acts as a modular espionage framework. It can gather host information, communicate with command-and-control servers, and transfer files.
It also supports SOCKS5 proxy functionality, which lets attackers route their own traffic through a compromised host so that connections to other internal systems appear to originate from inside the network. That pivoting capability is what makes it useful for lateral movement within telecom infrastructure.
Fun fact: Cybersecurity researchers found that ransomware attacks on the telecom sector surged from 24 incidents in 2022 to 90 in 2025, reflecting a nearly fourfold increase in three years and highlighting growing pressure on telecom infrastructure.

The Windows component, JFMBackdoor, is a full-featured espionage tool. It allows remote command execution, file manipulation, and process control on infected machines.
It can also capture screenshots, modify registry settings, and act as a network proxy. These capabilities make it highly effective for long-term surveillance and data theft.

Telecom providers are especially attractive to attackers because they handle large volumes of sensitive communications data. In some cases, breaches have previously enabled the interception of communications and surveillance-related information.
This makes telecom infrastructure a strategic focus for espionage groups. Past incidents show that attackers can remain hidden in networks for extended periods.
Fun fact: According to the ITRC, 2025 saw a record 3,322 data compromise cases, reflecting a 79% increase since 2020.

Researchers found that attackers used telecom-themed domains to impersonate regional telecom organizations and support their operations. This infrastructure helped the campaign appear connected to legitimate communications environments.
It also made detection more challenging for defenders monitoring large-scale telecom networks. Infrastructure mimicry and command-and-control staging were central parts of the activity documented by researchers.
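The mimicry described above can be hunted for on the defender's side. The following is an added example, not code from the article or from the researchers' reporting: it scans constructed DNS query lines for domains that look like a legitimate telecom brand (typosquats within a small edit distance, the same brand on a different TLD, a brand embedded in a longer name) or that carry a telecom-themed keyword without matching any known brand. The brand allowlist, keyword list and log lines are all made up for the demonstration, and the "last two labels" shortcut for the registrable domain ignores multi-part public suffixes such as co.uk; a real deployment would use a public-suffix list.

```python
"""Flag DNS queries for domains that mimic legitimate telecom brands.

Added example, not from the article or the researchers' reporting; the brand
list, the keyword list and the log lines are all constructed. Splitting the
registrable domain as "last two labels" ignores multi-part public suffixes
such as co.uk; use a public-suffix list in production.
"""

LEGIT_BRANDS = {"example-telecom.com", "regiontel.net"}        # constructed
TELCO_KEYWORDS = ("telecom", "telco", "carrier", "mobile")     # constructed

# Constructed DNS log lines: "<timestamp> <client> <qtype> <qname>".
DNS_LOG = """\
2024-06-01T10:00:01Z 10.0.5.20 A example-telecom.com
2024-06-01T10:00:05Z 10.0.5.20 A examp1e-telecom.com
2024-06-01T10:00:09Z 10.0.7.7 A regiontel.org
2024-06-01T10:00:12Z 10.0.7.7 A update.regiontel-support.net
2024-06-01T10:00:20Z 10.0.9.4 A cdn.example.net
2024-06-01T10:00:30Z 10.0.9.4 A apac-telecom-portal.com
"""


def registrable(domain: str) -> str:
    """Naive registrable domain: the last two labels, lower-cased."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance in the standard dynamic-programming form."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reasons(domain: str, brands=LEGIT_BRANDS, max_edits=2):
    """Return the reasons a domain looks like telecom mimicry ([] if clean)."""
    reg = registrable(domain)
    if reg in brands:
        return []  # exact match to an allowlisted brand
    sld = reg.split(".")[0]
    reasons = []
    for brand in brands:
        brand_sld = brand.split(".")[0]
        if sld == brand_sld:
            reasons.append(f"brand {brand_sld} on a different TLD than {brand}")
        elif edit_distance(sld, brand_sld) <= max_edits:
            reasons.append(f"typosquat of {brand}")
        elif brand_sld in sld:
            reasons.append(f"embeds brand {brand_sld}")
    if not reasons and any(k in sld for k in TELCO_KEYWORDS):
        reasons.append("unknown domain with telecom-themed keyword")
    return reasons


def scan_dns_log(log: str = DNS_LOG):
    """Map each suspicious registrable domain to its querying clients and reasons."""
    hits = {}
    for line in log.splitlines():
        _ts, client, _qtype, qname = line.split()
        reasons = lookalike_reasons(qname)
        if reasons:
            entry = hits.setdefault(registrable(qname),
                                    {"clients": set(), "reasons": reasons})
            entry["clients"].add(client)
    return hits


if __name__ == "__main__":
    for dom, info in scan_dns_log().items():
        print(dom, sorted(info["clients"]), info["reasons"])
```

The keyword rule is intentionally last and only fires when no brand rule matched; on its own it is noisy, so in practice it is better used to enrich a hit than to raise one.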

This campaign is part of a wider trend where telecom companies are repeatedly targeted by advanced persistent threat groups. Similar operations have used Linux backdoors, edge device exploits, and long-term network infiltration techniques.
The goal is often sustained intelligence gathering rather than immediate disruption. This reflects the strategic value of telecom infrastructure in global cyber operations.

Researchers warn that telecom networks remain difficult to defend because attackers can target Linux systems, Windows environments, routers, and other network-facing infrastructure. Recent campaigns show how compromised systems can become footholds for deeper access inside communications networks.
Security teams must monitor endpoints, network devices, internet-facing services, and internal traffic continuously. The risk is especially serious for carriers whose infrastructure supports large volumes of voice, data, and business communications.

Security researchers recommend stronger endpoint monitoring, rapid patching of internet-facing systems, and improved network segmentation. Detecting unusual proxy behavior (an internal host that both accepts inbound connections and fans out to many internal destinations) and unexplained encrypted outbound traffic is also crucial.
Early detection of Linux and Windows malware activity is key to limiting damage. Telecom operators are being urged to strengthen both prevention and response capabilities.
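Both the SOCKS5 proxy capability of Showboat described earlier and the "unusual proxy behavior" the researchers tell defenders to look for can be turned into a concrete check. The block below is an added example; it is not code from the article, from the researchers, or from the malware. It combines two signals over constructed connection records: whether the first client-to-server bytes of a flow form a SOCKS5 greeting (RFC 1928: version byte 0x05, a method count, then that many method bytes), and whether an internal host that accepts inbound connections also opens connections to many distinct destinations in the same window. A plain server does the first, a workstation does the second, and a pivot proxy does both. The host addresses, ports and payloads are made up for the demonstration.

```python
"""Spot a host behaving like a SOCKS5 pivot proxy from connection records.

Added example; not code from the article, the researchers, or the malware.
Signals combined:
  1. A SOCKS5 client greeting at the start of a flow (RFC 1928).
  2. Fan-out: an internal host accepts inbound connections on a port and,
     in the same window, opens outbound connections to many destinations.
All flow records are constructed for the demonstration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    first_payload: bytes = b""  # first bytes sent by the connecting side


SOCKS_VERSION = 0x05
NO_ACCEPTABLE_METHODS = 0xFF  # valid only in the server reply, never offered


def is_socks5_greeting(payload: bytes) -> bool:
    """True if payload starts with a well-formed SOCKS5 client greeting."""
    if len(payload) < 3 or payload[0] != SOCKS_VERSION:
        return False
    nmethods = payload[1]
    if nmethods == 0 or len(payload) < 2 + nmethods:
        return False
    return NO_ACCEPTABLE_METHODS not in payload[2:2 + nmethods]


def proxy_candidates(flows, internal_prefix="10.", min_fanout=5):
    """Return {host: details} for internal hosts that look like pivot proxies.

    details: "port" (inbound port with most peers), "clients" (distinct
    inbound peers on it), "fanout" (distinct outbound (dst, dport) pairs) and
    "socks5_handshake" (any inbound flow to that port began with a greeting).
    """
    inbound = defaultdict(lambda: defaultdict(set))   # host -> port -> peers
    outbound = defaultdict(set)                        # host -> {(dst, dport)}
    socks_ports = set()                                # {(host, port)}

    for f in flows:
        if f.dst.startswith(internal_prefix):
            inbound[f.dst][f.dport].add(f.src)
            if is_socks5_greeting(f.first_payload):
                socks_ports.add((f.dst, f.dport))
        if f.src.startswith(internal_prefix):
            outbound[f.src].add((f.dst, f.dport))

    findings = {}
    for host, ports in inbound.items():
        fanout = len(outbound.get(host, ()))
        if fanout < min_fanout:
            continue  # accepts connections but does not fan out: a plain server
        port, peers = max(ports.items(), key=lambda kv: len(kv[1]))
        findings[host] = {
            "port": port,
            "clients": len(peers),
            "fanout": fanout,
            "socks5_handshake": (host, port) in socks_ports,
        }
    return findings


# Constructed records. 10.0.5.20 plays the compromised Linux host: it accepts a
# SOCKS5 session from 10.0.9.4 on 1080 and then reaches out across the network.
# 10.0.1.10 is an ordinary SSH server; 10.0.7.7 is an ordinary workstation.
SAMPLE_FLOWS = [
    Flow("10.0.9.4", 51000, "10.0.5.20", 1080, b"\x05\x02\x00\x02"),
    Flow("10.0.5.20", 40001, "10.0.1.10", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("10.0.5.20", 40002, "10.0.1.11", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("10.0.5.20", 40003, "10.0.2.5", 445),
    Flow("10.0.5.20", 40004, "10.0.3.8", 3389),
    Flow("10.0.5.20", 40005, "10.0.4.2", 443, b"\x16\x03\x01"),
    Flow("10.0.5.20", 40006, "10.0.4.3", 443, b"\x16\x03\x01"),
    Flow("10.0.7.7", 52001, "10.0.1.10", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("10.0.7.7", 52002, "10.0.4.2", 443, b"\x16\x03\x01"),
    Flow("10.0.7.7", 52003, "10.0.4.3", 443, b"\x16\x03\x01"),
    Flow("10.0.7.7", 52004, "10.0.2.5", 445),
    Flow("10.0.7.7", 52005, "10.0.3.8", 3389),
    Flow("10.0.7.7", 52006, "10.0.1.11", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("10.0.1.10", 33001, "10.0.1.50", 53),
]

if __name__ == "__main__":
    for host, details in proxy_candidates(SAMPLE_FLOWS).items():
        print(host, details)
```

The fan-out rule fires on its own, without the handshake, which matters because a backdoor can tunnel traffic over something other than SOCKS5; the handshake check is there to raise confidence, not to gate the alert. Legitimate jump hosts and bastions match the same shape, so they belong on an allowlist rather than being used as a reason to raise the threshold.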

The use of cross-platform malware highlights how cyber-espionage groups are increasingly building shared toolkits for multiple operating systems. This allows attackers to scale operations across diverse infrastructure environments.
It also reflects a growing professionalization of state-linked cyber activity. Telecom networks remain a central focus in this evolving threat landscape.

Overall, telecom firms are under rising cyber pressure as attackers deploy advanced Linux and Windows malware to maintain long-term access and conduct espionage.
These operations show increasing sophistication, persistence, and targeting of critical communications infrastructure. As threats evolve, telecom security strategies must adapt to defend against multi-platform and long-duration attacks.
This slideshow was made with AI assistance and human editing.
Dan Mitchell has been in the computer industry for more than 25 years, getting started with computers at age 7 on an Apple II.