TP-Link routers implanted with malicious firmware in state-sponsored attacks

2023-05-17 12:39

A Chinese state-sponsored APT group implanted malicious firmware into TP-Link routers as part of attack campaigns aimed at European foreign affairs entities, say Check Point researchers.

The malicious firmware was exclusively created for TP-Link routers.

As a result, they could be included in different firmware by various vendors," the researchers noted.

The researchers are not sure how the attackers managed to infect the routers, but believe they likely gained access by exploiting known vulnerabilities or default, weak or easily guessable passwords.

Although the campaigns targeted European foreign affairs entities, researchers don't know who the victims of the router implant are.

"Learning from history, router implants are often installed on arbitrary devices with no particular interest, with the aim to create a chain of nodes between the main infections and real command and control. In other words, infecting a home router does not mean that the homeowner was specifically targeted, but rather that they are only a means to a goal," they explained.

News URL

https://www.helpnetsecurity.com/2023/05/17/tp-link-routers-malicious-firmware/

#attack #firmware #router #statesponsored

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
TP Link		442	16	97	106	115	334

News URL

Related news

Related vendor