Malware turns home routers into proxies for Chinese state-sponsored hackers
Researchers have uncovered malicious firmware that can turn residential and small office routers into proxies for Chinese state-sponsored hackers. The firmware implant, discovered by Check Point Research, includes a full-featured backdoor that allows attackers to establish communication, issue commands, and perform file transfers with infected devices. The implant was found in TP-Link routers but could be modified to work on other router models.
The malware's main purpose is to relay traffic between infected targets and command-and-control servers, obscuring the origins and destinations of the communication. The control infrastructure was traced back to hackers associated with the Chinese government. By routing traffic through a chain of infected devices, the attackers hide the final command-and-control server and make it harder for defenders to detect and respond to the attack.
This technique of using routers and other IoT devices as proxies is a common tactic among threat actors. The researchers are unsure how the implant is installed on devices but suspect it could be through exploiting vulnerabilities or weak administrative credentials.
While the firmware image discovered so far only affects TP-Link devices, the modular design allows the threat actors to create images for a wider range of hardware. The article concludes with recommendations for users to check for potential infections and apply proactive mitigations such as patching routers and using strong passwords.
(Score: 5, Informative) by shrewdsheep on Saturday May 20 2023, @08:58AM (1 child)
Best practices suggest that external ssh login into the router should be disabled, as in blocked by the firewall. I always configure routers from behind the firewall. If you do administrative work for others I understand that there might not be an internal node to work from. However, this would just be a Raspberry Pi (Zero) with minimal energy overhead.
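One way to check for the exposure shrewdsheep describes, as an added example that is not part of the comment thread or the article: it scans netfilter-style ACCEPT log lines (a constructed sample) for TCP connections to router admin ports that arrived on the WAN interface from an address outside the RFC 1918 ranges. The WAN interface name (eth0), the admin port list and the log format are assumptions.

```python
import ipaddress
import re

# Constructed sample of iptables/nftables LOG-style lines; not from the article.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for
# "internet" addresses.
SAMPLE_LOG = """\
ACCEPT IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.20 PROTO=TCP SPT=51234 DPT=22
ACCEPT IN=br-lan OUT= SRC=192.168.1.10 DST=192.168.1.1 PROTO=TCP SPT=40000 DPT=22
DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP SPT=44444 DPT=443
ACCEPT IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=50000 DPT=80
ACCEPT IN=eth0 OUT= SRC=203.0.113.8 DST=198.51.100.20 PROTO=UDP SPT=5353 DPT=53
"""

WAN_INTERFACES = {"eth0"}              # assumption: eth0 is the WAN side
ADMIN_PORTS = {22, 23, 80, 443, 8080}  # ssh, telnet, web admin (assumed list)

# Explicit LAN ranges rather than ip_address.is_private, which in Python also
# treats the documentation ranges used in the sample as "private".
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

LINE_RE = re.compile(
    r"^(?P<verdict>\w+) IN=(?P<iface>\S*) .*?SRC=(?P<src>\S+) "
    r".*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)


def exposed_admin_logins(log_text):
    """Return (source, port) for accepted TCP admin-port connections that came
    in on a WAN interface from a non-LAN address. An empty list means the
    logged traffic shows no admin service reachable from outside."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["verdict"] != "ACCEPT":
            continue
        if m["iface"] not in WAN_INTERFACES or m["proto"] != "TCP":
            continue
        port = int(m["dpt"])
        src = ipaddress.ip_address(m["src"])
        if port in ADMIN_PORTS and not any(src in net for net in LAN_NETWORKS):
            findings.append((m["src"], port))
    return findings


if __name__ == "__main__":
    for src, port in exposed_admin_logins(SAMPLE_LOG):
        print(f"admin port {port} accepted from WAN source {src}")
```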
(Score: 2, Interesting) by pTamok on Monday May 22 2023, @09:33AM
Point taken Re: best practices - and you are correct, internal nodes are not possible.
Sometimes you have to do the best of a bad job handed to you. The passwords are high-entropy (generated by some audited code), so unlikely to be guessed. There is more likely to be a vulnerability in the underlying OS and/or firmware that can be exploited.