

📰 Hackers Backed By Russia and China Are Infecting SOHO Routers Like Yours, FBI Warns


News section: 📰 IT Security News
🔗 Source: it.slashdot.org

An anonymous reader quotes a report from Ars Technica: The FBI and partners from 10 other countries are urging owners of Ubiquiti EdgeRouters to check their gear for signs they've been hacked and are being used to conceal ongoing malicious operations by Russian state hackers. The Ubiquiti EdgeRouters make an ideal hideout for hackers. The inexpensive gear, used in homes and small offices, runs a version of Linux that can host malware that surreptitiously runs behind the scenes. The hackers then use the routers to conduct their malicious activities. Rather than using infrastructure and IP addresses that are known to be hostile, the connections come from benign-appearing devices hosted by addresses with trustworthy reputations, allowing them to receive a green light from security defenses.

"In summary, with root access to compromised Ubiquiti EdgeRouters, APT28 actors have unfettered access to Linux-based operating systems to install tooling and to obfuscate their identity while conducting malicious campaigns," FBI officials wrote in an advisory Tuesday. APT28 -- one of the names used to track a group backed by the Russian General Staff Main Intelligence Directorate known as GRU -- has been doing just that for at least the past four years, the FBI has alleged.

Earlier this month, the FBI revealed that it had quietly removed Russian malware from routers in US homes and businesses. The operation, which received prior court authorization, went on to add firewall rules that would prevent APT28 -- also tracked under names including Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit -- from being able to regain control of the devices. On Tuesday, FBI officials noted that the operation only removed the malware used by APT28 and temporarily blocked the group using its infrastructure from reinfecting them. The move did nothing to patch any vulnerabilities in the routers or to remove weak or default credentials hackers could exploit to once again use the devices to surreptitiously host their malware.

"The US Department of Justice, including the FBI, and international partners recently disrupted a GRU botnet consisting of such routers," they warned. "However, owners of relevant devices should take the remedial actions described below to ensure the long-term success of the disruption effort and to identify and remediate any similar compromises." Those actions include:

- Perform a hardware factory reset to remove all malicious files
- Upgrade to the latest firmware version
- Change any default usernames and passwords
- Implement firewall rules to restrict outside access to remote management services
