securityonline.info 5/29/2026, 8:27:02 AM · external

Chinese Red Lamassu APT Targets Asian Telecoms with JFMBackdoor

Primary Source: pwc.com
Threat Actor: Red Lamassu

Security researchers from PwC Threat Intelligence have identified a sophisticated cyber espionage campaign by the Chinese threat actor known as Red Lamassu, targeting telecommunications providers across Asia. This group, also referred to as Calypso APT, has been operational since 2019 and aims to steal intelligence for long-term strategic advantage.

Investigators discovered this activity through a misconfigured server that exposed an open directory containing malicious payloads, including a Windows backdoor called JFMBackdoor. This malware gives attackers extensive remote access and stealth capabilities.

Specific operations linked to Red Lamassu were traced to Afghanistan, particularly against a domestic telecom provider, highlighting the group's ongoing threat to regional communications. Organizations in affected areas, which include Kazakhstan, Afghanistan, and India, are urged to implement strict security measures to counter these persistent threats.


Article by CyberSIXT