Chinese Showboat backdoor campaign

Key Questions

What is the Showboat backdoor and who is deploying it?

Showboat is a Linux SOCKS5 backdoor used by Chinese-speaking threat actors. It has been deployed against telecom networks in the Middle East and APAC regions.

Which other tools are associated with the Showboat campaign?

The campaign also uses JFMBackdoor along with shared PlugX and ShadowPad tooling. This indicates overlap with known Chinese APT infrastructure.

What sectors are primarily targeted by the Showboat operators?

Middle East and Asia-Pacific telecommunications providers are the main targets. The backdoors provide persistent access for espionage or further operations.

Showboat Linux (SOCKS5) + JFMBackdoor vs Middle East/APAC telecoms. Shared PlugX/ShadowPad tooling.

Sources (2)

Updated May 25, 2026

Cybersecurity Hacking News

Chinese Showboat backdoor campaign

Key Questions

What is the Showboat backdoor and who is deploying it?

Which other tools are associated with the Showboat campaign?

What sectors are primarily targeted by the Showboat operators?

The Evolution of Chinese-language Phishing Services

Chinese Hackers Deploy Showboat Linux Backdoor to Breach Middle East Telecom Networks