Variants of BPFDoor Deployed on Linux Servers

Trend Micro has uncovered a campaign by the Red Menshen APT group that uses several versions of the BPFDoor backdoor against Linux and cloud servers. BPFDoor attaches a classic BPF filter to a raw socket so that it can wait passively for a "magic" packet instead of listening on a port, and the filter in the newly found samples contains roughly six times as many instructions as the filters in samples from 2022. Security teams should use the published IOCs to hunt for the backdoor in their environments.
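Because the backdoor lives behind a BPF filter attached to a packet socket rather than behind an open port, a useful host check is to enumerate packet sockets together with their attached filters and look at who owns them and how large the filter is. The script below is an added example written for this digest; it is not Trend Micro's tooling or BPFDoor code. It parses the output format of iproute2's `ss -0pb` (packet sockets, owning process, attached filter printed as `bpf filter (N): 0xCODE jt jf k, ...`), which needs root to retrieve filters. The embedded sample output is constructed, the process names, the allowlist of expected sniffers, the 16-instruction threshold and the `0xdeadbeef` magic value are assumptions chosen for illustration only.

```python
"""Triage packet sockets that carry a classic-BPF filter (added example).

Parses `ss -0pb` output (iproute2 format, assumed) and flags sockets whose
owning process is not an expected sniffer or whose filter is unusually large.
"""
import re
import subprocess
from dataclasses import dataclass, field
from typing import List, Tuple

# Assumption: processes that legitimately hold packet sockets on this host.
EXPECTED_SNIFFERS = {"tcpdump", "dhclient", "systemd-networkd"}
# Assumption: `tcpdump -dd 'ip and udp'` is 6 instructions; anything much
# larger on an unexpected socket deserves a look.
LARGE_FILTER_INSNS = 16
# cBPF opcode for "jump if A == K" (BPF_JMP|BPF_JEQ|BPF_K).
BPF_JEQ_K = 0x15

SOCKET_RE = re.compile(r"^p_(raw|dgr)\b")
USERS_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')
FILTER_HDR_RE = re.compile(r"bpf filter \((\d+)\):")
INSN_RE = re.compile(r"0x([0-9a-fA-F]{2}) (\d+) (\d+) (\d+),")

# Constructed sample: a 6-insn tcpdump filter and a 17-insn filter on a raw
# socket owned by an unknown process. The second filter accepts an IPv4
# UDP/TCP/ICMP packet whose first payload word equals 0xdeadbeef (placeholder).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
p_raw UNCONN 0      0      *:eth0             *                 users:(("tcpdump",pid=2210,fd=3))
\tbpf filter (6): 0x28 0 0 12, 0x15 0 3 2048, 0x30 0 0 23, 0x15 0 1 17, 0x06 0 0 262144, 0x06 0 0 0,
p_raw UNCONN 0      0      *:*                *                 users:(("kworker_flush",pid=917,fd=4))
\tbpf filter (17): 0x28 0 0 12, 0x15 0 14 2048, 0x30 0 0 23, 0x15 0 3 17, 0xb1 0 0 14, 0x40 0 0 22, 0x15 8 9 3735928559, 0x15 0 3 6, 0xb1 0 0 14, 0x40 0 0 34, 0x15 4 5 3735928559, 0x15 0 4 1, 0xb1 0 0 14, 0x40 0 0 22, 0x15 0 1 3735928559, 0x06 0 0 262144, 0x06 0 0 0,
"""


@dataclass
class PacketSocket:
    proc: str = "?"
    pid: int = 0
    insns: List[Tuple[int, int, int, int]] = field(default_factory=list)

    @property
    def insn_count(self) -> int:
        return len(self.insns)

    def compared_constants(self) -> List[int]:
        """Immediates the filter tests with JEQ: protocol numbers, ports, and
        any magic value a wake-up filter is waiting for."""
        return sorted({k for code, _, _, k in self.insns if code == BPF_JEQ_K})


def parse_ss_packet(text: str) -> List[PacketSocket]:
    """Group each `p_raw`/`p_dgr` line with the `bpf filter` line that follows it."""
    socks: List[PacketSocket] = []
    for line in text.splitlines():
        if SOCKET_RE.match(line):
            sock = PacketSocket()
            m = USERS_RE.search(line)
            if m:
                sock.proc, sock.pid = m.group(1), int(m.group(2))
            socks.append(sock)
        elif socks and FILTER_HDR_RE.search(line):
            socks[-1].insns = [
                (int(code, 16), int(jt), int(jf), int(k))
                for code, jt, jf, k in INSN_RE.findall(line)
            ]
    return socks


def suspicious(socks: List[PacketSocket]) -> List[Tuple[PacketSocket, List[str]]]:
    """Return (socket, reasons) for sockets worth an analyst's attention."""
    flagged = []
    for s in socks:
        reasons = []
        if s.proc not in EXPECTED_SNIFFERS:
            reasons.append(f"unexpected owner {s.proc} (pid {s.pid})")
        if s.insn_count >= LARGE_FILTER_INSNS:
            reasons.append(f"large filter: {s.insn_count} instructions")
        if reasons:
            flagged.append((s, reasons))
    return flagged


def triage_live() -> List[Tuple[PacketSocket, List[str]]]:
    """Run `ss -0pb` on this host (root needed for filter retrieval)."""
    out = subprocess.run(["ss", "-0pb"], capture_output=True, text=True, check=True).stdout
    return suspicious(parse_ss_packet(out))


if __name__ == "__main__":
    for sock, reasons in suspicious(parse_ss_packet(SAMPLE_SS_OUTPUT)):
        print(sock.proc, reasons, "compares against", sock.compared_constants())
```

The compared constants are the part to read closely: a filter that tests the protocol byte for UDP, TCP and ICMP and then compares a payload word against one odd constant is waiting for a trigger packet, not capturing traffic for diagnostics. Run `triage_live()` on a host you suspect, and treat an unknown owner of a raw socket as the stronger signal; the instruction-count threshold only ranks what to look at first.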

