Chinese Hackers Exploiting Internet Routers, Installing Malware To Compromise Networks: Report

Hackers are infecting routers to set up a framework that will facilitate a 'larger target'.

If you have an internet router that isn’t up to date or is obsolete, you may want to be careful, as a new report claims Chinese hackers are using such routers to install backdoor malware to compromise networks.

As reported by Check Point Research, a hacker group named ‘Camaro Dragon’ is implanting TP-Link routers with harmful software, including a backdoor named ‘Horse Shell’. This backdoor can give hackers complete control of the infected device while remaining undetected, and lets them continue to access the compromised network.

The attacks are reportedly being carried out against European foreign affairs institutions and are said to be “Chinese state-sponsored”.

Larger, more ambitious attacks are carried out using router implants, according to the report. “Router implants are often installed on arbitrary devices of no particular interest, with the aim of creating a chain of nodes between the main transition and the actual command and control,” the report said.

Simply put, hackers are infecting routers to set up a framework – which will facilitate a ‘larger target’.

However, it is not currently certain how the hackers gained access to the TP-Link devices and infected them with malicious implants. It is possible that they gained access by intentionally scanning for and targeting devices with already known vulnerabilities or weak passwords.

Furthermore, the attacks are not limited to TP-Link routers; other vendors’ products are also susceptible. Ergo, always choose strong passwords, update your equipment to the latest available software, and update your router as well, as manufacturers will have released patches to address vulnerabilities.