Security News > 2023 > May > Hackers infect TP-Link router firmware to attack EU entities
The backdoor malware is deployed in a custom and malicious firmware designed specifically for TP-Link routers so that the hackers can launch attacks appearing to originate from residential networks.
While Check Point has not determined how the attackers infect TP-Link routers with the malicious firmware image, they said it could be by exploiting a vulnerability or brute-forcing the administrator's credentials.
The firmware also modifies the management web panel, preventing the device's owner from flashing a new firmware image for the router and ensuring the persistence of the infection.
The researchers say the Horse Shell firmware implant is firmware-agnostic, so it could theoretically work in firmware images for other routers by different vendors.
Users are advised to apply the latest firmware update for their router model to patch any existing vulnerabilities and change the default admin password to something strong.
Edge network devices have become a popular target for state-sponsored threat actors, with Chinese hackers previously targeting Fortinet VPN and SonicWall SMA routers with custom firmware implants.
News URL
Related news
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)