Malware turns home routers into proxies for Chinese state-sponsored hackers
Researchers have uncovered malicious firmware that can turn residential and small office routers into proxies for Chinese state-sponsored hackers. The firmware implant, discovered by Check Point Research, includes a full-featured backdoor that allows attackers to establish communication, issue commands, and perform file transfers with infected devices. The implant was found in TP-Link routers but could be modified to work on other router models.
The malware's main purpose is to relay traffic between infected targets and command-and-control servers, obscuring the origins and destinations of the communication. The control infrastructure was traced back to hackers associated with the Chinese government. By using a chain of infected devices, the attackers can hide the final command and control and make it difficult for defenders to detect and respond to the attack.
This technique of using routers and other IoT devices as proxies is a common tactic among threat actors. The researchers are unsure how the implant is installed on devices but suspect it could be through exploiting vulnerabilities or weak administrative credentials.
While the firmware image discovered so far only affects TP-Link devices, the modular design allows the threat actors to create images for a wider range of hardware. The article concludes with recommendations for users to check for potential infections and apply proactive mitigations such as patching routers and using strong passwords.
(Score: 2, Interesting) by Runaway1956 on Saturday May 20 2023, @01:38AM (1 child)
I hope they haven't infected DD-WRT yet! You decide how much sarcasm should apply here, since open source projects are seeing security problems of their own.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 3, Interesting) by Mojibake Tengu on Saturday May 20 2023, @10:18AM
I have a pile of vulnerable Zyxel ADSL/XDSL modems which are built on crippled dd-wrt by design, no password needed to hack that ones.
Don't think TP-Link any better.
Rust programming language offends both my Intelligence and my Spirit.