China-linked ‘Red Menshen’ malware found lurking in telecoms networks

• Researchers say the Red Menshen threat is designed for stealth and long-term persistence inside telecom environments.
• The discovery highlights growing cyber risk facing critical communications infrastructure worldwide.

What happened

A newly detailed cyber threat dubbed Red Menshen has been identified operating inside telecommunications networks, according to a report from TelcoNews. The campaign is believed to be linked to China and is designed to remain hidden within critical infrastructure for extended periods. See also: China-linked ‘Red Menshen’ malware found lurking in telecoms networks.

Security researchers say the malware focuses specifically on telecom environments, where it can exploit trusted internal access and remain undetected. By embedding itself deeply in network equipment and operational systems, Red Menshen appears engineered for long-term persistence rather than immediate disruption. See also: AfriNIC's Vanishing Member register.

The report notes that telecommunications networks present a highly attractive target because they underpin national infrastructure and carry vast amounts of sensitive data. Once inside, attackers can potentially monitor traffic, gather intelligence, and maintain a foothold within the network for future operations.

Researchers highlighted that the campaign reflects a broader trend of state-linked cyber activity targeting critical infrastructure. The approach emphasises stealth, persistence and the ability to evade traditional security tools.

Also read：SK Telecom breach exposes years-long malware infiltration

Also read：US telecom giants at risk as Federal Communications Commission scraps key cyber-security ruling

Why it’s important

The discovery underlines the growing strategic importance of telecom networks in geopolitical cyber competition. Telecommunications providers sit at the centre of digital economies, connecting governments, businesses and consumers across borders.

Security experts warn that persistent access to telecom infrastructure could enable intelligence gathering on a large scale. Even without immediate disruption, long-term access could allow threat actors to map networks, monitor communications and prepare future operations.

The findings also reinforce concerns about supply chain and infrastructure security. Telecom operators face increasing pressure to harden networks, monitor internal systems more closely and improve threat detection across complex environments.

From a financial perspective, the risk to telecom infrastructure can translate into higher security spending, regulatory scrutiny and reputational exposure for operators.

The Red Menshen case illustrates how cyber threats are shifting from opportunistic attacks towards strategic, long-duration campaigns targeting the backbone of the digital world.