Chinese APTs Target Telcos with Showboat and JFMBackdoor Malware
ID: 46d7a1bd-6441-5ffa-9863-c98f7fa4e25b
STIX ID: report--46d7a1bd-6441-5ffa-9863-c98f7fa4e25b
Feed Name: ThreatCluster
A China-aligned APT tracked as Calypso (aka Red Lamassu) has been targeting telecommunications providers across Central Asia and the Asia Pacific since at least mid-2022 using a Linux post-exploitation framework called Showboat and a Windows backdoor named JFMBackdoor. The campaign employs DLL side-loading, process hiding, SOCKS5 proxying, and telecom-themed infrastructure (including IP 23.27.201.160 and related domains) to establish long-term persistence and intelligence collection; detection and network monitoring are recommended.
