
China-linked APT targets telecom providers via edge device exploits, expands to Southeast Europe
A sophisticated threat actor with suspected ties to China is conducting targeted attacks against telecommunications providers by exploiting vulnerabilities in edge devices. According to BleepingComputer, the campaign employs custom Linux malware to compromise network infrastructure, with recent expansion into Southeast European organizations. While technical specifics such as malware families or exploited CVEs remain undisclosed, the attacks demonstrate advanced capabilities to infiltrate critical telecom infrastructure.

This campaign highlights the persistent risk to telecom sector supply chains, where edge devices often serve as initial access vectors due to exposed interfaces and patch management challenges. The use of Linux malware underscores the attackers' focus on server and networking equipment common in carrier environments. Telecom providers should prioritize edge device hardening, network segmentation, and anomaly detection for Linux-based systems. The geographic expansion suggests strategic targeting of regional communication hubs, though the full operational objectives remain unclear.