Security News > 2020 > March > Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks
Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek.
According to the report, at least two separate groups of hackers exploited two critical remote command injection vulnerabilities affecting DrayTek Vigor enterprise switches, load-balancers, routers and VPN gateway devices to eavesdrop on network traffic and install backdoors.
The zero-day attacks started somewhere at the end of last November or at the beginning of December and are potentially still ongoing against thousands of publicly exposed DrayTek switches, Vigor 2960, 3900, 300B devices that haven't yet been patched with the latest firmware updates released last month.
NetLab researchers have not yet attributed both attacks to any specific group, but it did confirm that while the first group simply spied on the network traffic, the second group of attackers used rtick command injection vulnerability to create:the web-session backdoor that never expires,.
To be noted, if you have just recently installed the patched firmware, or installing now, it won't remove backdoor accounts automatically in case you're already compromised.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/wBKlnnST2Zo/draytek-network-hacking.html
Related news
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)
- Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (source)
- Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Aiohttp bug to find vulnerable networks (source)
- Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver (source)
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)