Bad actors are playing the long game, patiently waiting to bring deeply buried threats to bear. Covert, long-term sleeper cell campaigns aimed at the telecom and government sectors are evading detection, according to research presented by Rapid7 at RSA Conference 2026. Rapid7 identified one such sustained espionage campaign masterminded by Red Menshen, a China-nexus threat actor.
Christiaan Beek, vice president of cyber intelligence at Rapid7, sat down with Tech-Channels to discuss the implications of the persistent access campaign detailed in “Sleeper Cells in the Telecom Backbone,” including the acceleration of attacker tactics and increased zero-day exploitation. Beek says advances in detection can ferret out these threats.
Q: There is a visibility gap in critical infrastructure. Is that the biggest challenge in detecting today’s most critical threats?
A: It’s not about whether I can detect it, but do I actually have visibility into these threats. Because they are so deep at the lower levels of our infrastructure. And the impact of an attack could be devastating. It shows you how fragile our critical infrastructure is and how we are struggling to find these deep implants, or, as we call them, sleeper cells, which can hide themselves and make detection really difficult. In this case, we saw it being abused for cyber espionage, which makes sense, tracking people's cell phones or intercepting SMS text images. At the same time, if bad actors have access to that level, it gives them the power to shut it down, which is scary. When examining our data, we were seeing this bigger story and had far more evidence than everybody else as we started digging deeper.
Q: How is AI changing the security landscape?
A: We’re connecting applications together that were never supposed to talk with each other in the past. And we create an increased attack surface by even just connecting them. Suddenly, if my chatbot or AI bot can chat with my Gmail, and that is also connected with my WhatsApp, and I can also interact with my Google Nest—do I really want this? It’s a tool that can help streamline some of that—scrape faster through the data—but AI in and of itself is a completely different topic and challenge.
Q. Why are organizations struggling to secure AI-infused environments?
A. I think unawareness. You need a deep technical knowledge of how things are working. I come from a background of ethical hacking, pen testing, and forensics, so I look differently at infrastructure or architecture, then ask whether an organization has thought about security. Did you ask these questions? Do you understand the implications if you build this? And we're getting so interconnected over the last couple of years that we're losing our understanding of what the implications are. We saw some examples this year and last year around some breaches where people never thought their credentials would be stored in the platform of a service or partner. Then they ask, “How can I be breached?” And it’s because they stored that credential in a platform that was breached six months ago, hackers found it, and thought they were interesting.
Q. How are organizations keeping up with the pace of technological change?
A. Development goes so fast that the moment you jump in and create something, it could be outdated within three months. The struggle is to build something solid into your company and make it a pillar of your infrastructure engineering. That takes time. But now we’re seeing that six or seven months later, the whole industry can go in the other direction. It’s so difficult for organizations to keep up and know where they need to move.
Q. What is limiting the effectiveness of current security strategies and how does tool sprawl fit into the conversation?
A. Historically, security was always on the display: “you need a firewall from this brand, you need another brand for inside the network.” The average number of tools or products from security firms in a company is like 40 to 50. That’s not manageable, especially not with the speed we see today. So, consolidation into platforms is key.
Q. There are a lot of companies stepping up with AI solutions. How do organizations choose wisely?
A. You see the number of startups based on AI at RSA and you wonder how many will exist next year. Something may be a great technology, but if this is a great idea, just a great startup, organizations are hesitant to actually embrace that into their technology stack to protect their stuff.
Q. Do you see organizations gearing up for quantum computing and post-quantum cryptography?
A. There were a lot of talks at RSA about quantum physics and quantum computing. It's all theoretical and hypothesis. But I think the moment Q-day will come, it will change forever our society. And we're not looking at it with the full attention yet.
Q: What role do humans play in an AI-driven security environment?
A. There’s a huge difference in building a proof of concept with AI versus putting it into production. That’s about skill; you really need that human experience. I would rather have an experienced engineer using AI as an assistant—something looking over their shoulder—than fully trusting agentic AI. You can’t control it. You need to be experienced in this space to recognize hallucinations and retrain it.
Q. With security becoming a strategic leadership function, how is the role of the CISO evolving?
A. CISOs already have a lot of challenges on their plate, and with AI even more. It’s so hard for them to grasp where they need to focus and where they need to take control. I believe the CISO should report directly to the board since they’re working directly with engineering and across the organization. The good thing is we can faster provide context, more quickly stitch together data feeds—but still, we need the right guardrails.
With threat actors playing a long game, defenders must get their infrastructure in place to detect threats buried deep in their systems. It's critical to not only their own organizations but to all those they're linked to in their ecosystems.