Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks (Security News, March 2020)
Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek.
According to the report, at least two separate groups of attackers exploited two critical remote command injection vulnerabilities in DrayTek Vigor enterprise switches, load balancers, routers and VPN gateways to eavesdrop on network traffic and install backdoors.
The attacks began at the end of last November or the beginning of December and are potentially still ongoing against thousands of publicly exposed DrayTek Vigor 2960, 3900 and 300B devices that have not yet been updated to the patched firmware released last month.
NetLab researchers have not yet attributed either attack to a specific group, but they did confirm that while the first group only eavesdropped on network traffic, the second group used the rtick command injection vulnerability to create a web-session backdoor that never expires.
Note that installing the patched firmware, whether you did so recently or are doing so now, does not automatically remove backdoor accounts if the device was already compromised; a device that was exposed before patching must also be checked for accounts and sessions the attacker added.
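The vulnerability class named above, command injection through a management-interface parameter, as an added generic illustration in Python. This is not DrayTek's firmware code and makes no claim about how the rtick flaw itself is constructed; the handler names, the use of `echo` in place of a real network tool, and the sample inputs are all constructed for the example. It shows the string-built `shell=True` form that lets a `;` in the input start a second command, the argument-list form that passes the same input as an inert literal, and an allowlist check that rejects it outright.

```python
import re
import subprocess

# Constructed sample inputs: what a "target host" field on a management form
# might carry. The second one appends a shell command after a separator.
BENIGN = "203.0.113.7"
MALICIOUS = "203.0.113.7; echo INJECTED"

# Dotted-quad IPv4 only; used with fullmatch so nothing can trail the address.
_IPV4 = re.compile(r"(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)")


def vulnerable_handler(host: str) -> str:
    """Injectable: the untrusted value is spliced into a shell command string.
    `echo` stands in for a real diagnostic tool (ping, traceroute, ...)."""
    cmd = f"echo pinging {host}"
    # shell=True hands the whole string to /bin/sh, so ';' ends the intended
    # command and whatever follows runs with the web server's privileges.
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def list_form_handler(host: str) -> str:
    """No shell involved: each list element is one argv entry, so the ';'
    and everything after it reach `echo` as part of a single literal argument."""
    return subprocess.run(["echo", "pinging", host], capture_output=True, text=True).stdout


def validate_host(host: str) -> bool:
    """Allowlist check: accept only a plain IPv4 address, nothing else."""
    return _IPV4.fullmatch(host) is not None


def hardened_handler(host: str) -> str:
    """Validation plus argument-list execution; rejects anything off the allowlist."""
    if not validate_host(host):
        raise ValueError("host is not a dotted-quad IPv4 address")
    return list_form_handler(host)


if __name__ == "__main__":
    print("vulnerable :", repr(vulnerable_handler(MALICIOUS)))
    print("list form  :", repr(list_form_handler(MALICIOUS)))
    print("validated  :", validate_host(MALICIOUS), validate_host(BENIGN))
```

Running it shows the injected `echo INJECTED` executing only in the `shell=True` variant; the list form prints the whole payload as text, and the hardened handler never reaches a subprocess for the malicious value. On embedded devices the same mistake is more often made in C (`system()` or `popen()` with a `sprintf`-built buffer), and the fix is the same: never build a shell command string from request data, and validate against an allowlist before using it at all.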
News URL: http://feedproxy.google.com/~r/TheHackersNews/~3/wBKlnnST2Zo/draytek-network-hacking.html