Security News > 2023 > May > Hackers infect TP-Link router firmware to attack EU entities
The backdoor malware is deployed in a custom and malicious firmware designed specifically for TP-Link routers so that the hackers can launch attacks appearing to originate from residential networks.
While Check Point has not determined how the attackers infect TP-Link routers with the malicious firmware image, they said it could be by exploiting a vulnerability or brute-forcing the administrator's credentials.
The firmware also modifies the management web panel, preventing the device's owner from flashing a new firmware image for the router and ensuring the persistence of the infection.
The researchers say the Horse Shell firmware implant is firmware-agnostic, so it could theoretically work in firmware images for other routers by different vendors.
Users are advised to apply the latest firmware update for their router model to patch any existing vulnerabilities and change the default admin password to something strong.
Edge network devices have become a popular target for state-sponsored threat actors, with Chinese hackers previously targeting Fortinet VPN and SonicWall SMA routers with custom firmware implants.
News URL
Related news
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- Over 100 US and EU orgs targeted in StrelaStealer malware attacks (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)