
SOHO routers used as initial point of compromise in stealth attack campaign
2022-06-30 13:35

Black Lotus Labs, a threat intelligence team within Lumen Technologies, has recently exposed a new modus operandi for an attack campaign that went undiscovered for nearly two years.

One of its most intriguing characteristics is that it targets small office / home office (SOHO) routers as the initial point of compromise, in addition to being particularly stealthy.

At the beginning of this attack campaign, a MIPS binary compiled for SOHO routers is pushed to the routers by exploiting known vulnerabilities.

Several SOHO routers have also been used as proxy C2 nodes, rendering the investigations more difficult.

Cobalt Strike is a known remote access and attack framework that is generally used by both penetration testers and attackers.

The attack infrastructure was notably well protected: initial exploits came from a virtual private server hosting benign content, while several compromised routers were used as proxies to reach the C2 server.


News URL

https://www.techrepublic.com/article/soho-routers-compromise-attack/