Microsoft: Chinese hackers use Quad7 botnet to steal credentials

October 31, 2024 at 04:10PM Microsoft has reported that Chinese threat actors utilize the Quad7 botnet, composed of hacked SOHO routers, for password-spray attacks to steal credentials. The botnet employs custom malware for remote access and evades detection using a SOCKS5 proxy. Once credentials are obtained, networks are compromised to exfiltrate data. …

Chinese APT40 hackers hijack SOHO routers to launch attacks

July 9, 2024 at 11:13AM The joint advisory from international cybersecurity agencies and law enforcement warns of Chinese state-sponsored APT40’s cyberespionage attacks. APT40, known by various aliases, targets government and private entities in the US and Australia. They exploit vulnerabilities in public-facing infrastructure and edge networking devices and utilize hijacked SOHO routers for launching attacks. …

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

May 2, 2024 at 01:18AM The new malware, Cuttlefish, targets small office and home office (SOHO) routers to secretly monitor network traffic and gather authentication data from web requests. It can also hijack DNS and HTTP connections, exfiltrate data, and act as a proxy or VPN. The cybersecurity firm warns that it poses a serious …

‘Cuttlefish’ Zero-Click Malware Steals Private Cloud Data

May 1, 2024 at 01:38PM The newly discovered malware “Cuttlefish” targets routers to steal authentication details, perform DNS and HTTP hijacking, and potentially evade detection. It primarily infects enterprise-grade and SOHO routers, with a focus on public cloud-based services. The malware has been active since at least last July and has links to HiatusRat, revealing …

Chinese hackers fail to rebuild botnet after FBI takedown

February 7, 2024 at 10:27AM Chinese Volt Typhoon hackers failed to revive a botnet previously used in U.S. infrastructure attacks after the FBI took it down. Following the takedown, FBI control of the devices prevented re-hijacking attempts, while Black Lotus Labs’ null-routing thwarted revival efforts. The hackers’ past breach targets included U.S. military organizations, telcos, and a European energy firm. …

U.S. Feds Shut Down China-Linked “KV-Botnet” Targeting SOHO Routers

February 4, 2024 at 12:19PM The U.S. government neutralized the China-linked Volt Typhoon botnet hijacking U.S.-based SOHO routers vulnerable due to end-of-life status. The botnet facilitated covert data transfer through compromised routers and VPN hardware, impacting critical infrastructure sectors. Law enforcement efforts aimed to disrupt the botnet’s activities, emphasizing the need for secure-by-design practices in …

CISA: Vendors must secure SOHO routers against Volt Typhoon attacks

January 31, 2024 at 11:15AM CISA and the FBI have issued a warning to small office/home office (SOHO) router manufacturers to enhance security against attacks by Chinese state-backed hacking group Volt Typhoon. The agencies urge eliminating vulnerabilities, automating security updates, and safeguarding against Volt Typhoon activity. This follows ongoing attacks targeting U.S. critical infrastructure organizations …