Security News > 2023 > May > TP-Link routers implanted with malicious firmware in state-sponsored attacks

TP-Link routers implanted with malicious firmware in state-sponsored attacks
2023-05-17 12:39

A Chinese state-sponsored APT group implanted malicious firmware into TP-Link routers as part of attack campaigns aimed at European foreign affairs entities, say Check Point researchers.

The malicious firmware was exclusively created for TP-Link routers.

As a result, they could be included in different firmware by various vendors," the researchers noted.

The researchers are not sure how the attackers managed to infect the routers, but believe they likely gained access by exploiting known vulnerabilities or default, weak or easily guessable passwords.

Although the campaigns targeted European foreign affairs entities, researchers don't know who the victims of the router implant are.

"Learning from history, router implants are often installed on arbitrary devices with no particular interest, with the aim to create a chain of nodes between the main infections and real command and control. In other words, infecting a home router does not mean that the homeowner was specifically targeted, but rather that they are only a means to a goal," they explained.


News URL

https://www.helpnetsecurity.com/2023/05/17/tp-link-routers-malicious-firmware/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
TP Link 322 0 74 175 87 336