EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

Chinese-linked Showboat Linux malware targets Middle East telecom providers

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-05-21 14:00 UTCUpdated 2026-05-21 23:45 UTC
rss
malwarethreat_actorstelecommunicationscyber_espionagelinuxwindows
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
BackEvidence (3)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.
3 top sources shown
Chinese hackers target telcos with new Linux, Windows malware
bleepingcomputer_all · News · bleepingcomputer.com · 2026-05-21 14:00 UTC
View all evidence
Overview

Since at least mid-2022, Chinese-affiliated threat actors have conducted a cyber espionage campaign targeting telecommunications providers in the Middle East using a new Linux malware called Showboat.

Score total
1.31
Momentum 24h
3
Posts
3
Origins
3
Source types
1
Duplicate ratio
0%
Why now
  • The campaign has been active since at least mid-2022 but was recently disclosed, highlighting ongoing threats.
  • New details about Showboat’s capabilities and infrastructure have emerged, aiding detection and response.
  • The targeting of Middle East telecom providers reflects geopolitical cyber tensions and espionage priorities.
Why it matters
  • Telecommunications infrastructure is critical and a prime target for cyber espionage campaigns.
  • Showboat malware’s modular capabilities enable persistent and versatile attacks on Linux systems.
  • The multi-platform nature of the campaign, involving both Linux and Windows malware, increases defense complexity for telecom providers.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
  • Showboat is a modular Linux malware used by Chinese-affiliated threat actors to target Middle East telecom providers.
  • The malware enables spawning remote shells, transferring files, and operating a SOCKS5 proxy on compromised systems.
  • The campaign includes Windows malware JFMBackdoor, complicating defense efforts for telecom providers.
How sources frame it
  • BleepingComputer: neutral
Consolidated multiple sources to provide a clear overview of the Showboat malware campaign targeting Middle East telecoms.
All evidence
All evidence
New Linux malware 'Showboat' targets Middle East telecom provider
SC Media · scworld.com · 2026-05-21 23:45 UTC
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
thehackernews · thehackernews.com · 2026-05-21 14:17 UTC
Chinese hackers target telcos with new Linux, Windows malware
bleepingcomputer_all · bleepingcomputer.com · 2026-05-21 14:00 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
  • SC Media (1)
  • thehackernews (1)
  • bleepingcomputer_all (1)
Top origin domains (this list)
  • scworld.com (1)
  • thehackernews.com (1)
  • bleepingcomputer.com (1)