CyberNews Briefs

SOHO routers used as initial point of compromise in stealth attack campaign

An attack campaign that went undiscovered for nearly two years was exposed by Black Lotus Labs, the threat intelligence team within Lumen Technologies. The campaign is highly sophisticated and targets small office/home office (SOHO) routers as its initial point of compromise.

The campaign begins by pushing a MIPS binary compiled for SOHO routers onto the devices through known vulnerabilities. The malware, ZuoRAT, is designed to collect information about the infected device and the LAN it can reach. Once it has a foothold on the router and the internal LAN, it can capture network packets and perform man-in-the-middle attacks. The malware also tries to determine the router's public IP address, and if it cannot, it deletes itself. From the router, ZuoRAT can pivot to workstations on the network to deploy the CBeacon, GoBeacon or Cobalt Strike trojans. ZuoRAT has typically targeted American and western European organizations. Over a nine-month period, at least 80 targets are estimated to have been affected by the campaign, though the true number is likely higher.

Read more: SOHO routers used as initial point of compromise in stealth attack campaign

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.