Security News > 2023 > April > Hackers can breach networks using data on resold corporate routers
Enterprise-level network equipment on the secondary market hide sensitive data that hackers could use to breach corporate environments or to obtain customer information.
Core routers are the backbone of a large network as they connect all other network devices.
Initially, the ESET research team bought a few used routers to set up a test environment and found they had not been properly wiped and contained network configuration data as well as information that helped identify the previous owners.
The purchased equipment included four devices from Cisco, three from Fortinet, and 11 from Juniper Networks.
With corporate network devices, the administrator needs to run a few commands to securely wipe the configuration and reset it.
The researchers say that some of the routers retained customer information, data that allowed third-party connections to the network, and even "Credentials for connecting to other networks as a trusted party."
News URL
Related news
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Orange Group confirms breach after hacker leaks company documents (source)
- Silk Typhoon hackers now target IT supply chains to breach networks (source)
- Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom (source)
- Oracle denies breach after hacker claims theft of 6 million data records (source)
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years (source)
- StreamElements discloses third-party data breach after hacker leaks data (source)
- Hackers lurked in Treasury OCC’s systems since June 2023 breach (source)