Found 5 bookmarks
Custom sorting
Wifi routers and VPN appliances targeted by notorious botnet Quad7
Wifi routers and VPN appliances targeted by notorious botnet Quad7
The mysterious Quad7 botnet has evolved its tactics to compromise several brands of Wi-Fi routers and VPN appliances. It’s armed with new backdoors, multiple vulnerabilities, some of which were previously unknown, and new staging servers and clusters, according to a report by Sekoia, a cybersecurity firm.
#cybernews#EN#2024#quad7#TP-Link#VPN#appliances#routers#targeted
·cybernews.com·
Wifi routers and VPN appliances targeted by notorious botnet Quad7
Solving the 7777 Botnet enigma: A cybersecurity quest
Solving the 7777 Botnet enigma: A cybersecurity quest
  • Sekoia.io investigated the mysterious 7777 botnet (aka. Quad7 botnet), published by the independent researcher Gi7w0rm inside the “The curious case of the 7777 botnet” blogpost. This investigation allowed us to intercept network communications and malware deployed on a TP-Link router compromised by the Quad7 botnet in France. To our understanding, the Quad7 botnet operators leverage compromised TP-Link routers to relay password spraying attacks against Microsoft 365 accounts without any specific targeting. Therefore, we link the Quad7 botnet activity to possible long term business email compromise (BEC) cybercriminal activity rather than an APT threat actor. However, certain mysteries remain regarding the exploits used to compromise the routers, the geographical distribution of the botnet and the attribution of this activity cluster to a specific threat actor. * The insecure architecture of this botnet led us to think that it can be hijacked by other threat actors to install their own implants on the compromised TP-Link routers by using the Quad7 botnet accesses.
#sekoia#EN#2024#7777#botnet#research#Quad7#TP-Link#routers
·blog.sekoia.io·
Solving the 7777 Botnet enigma: A cybersecurity quest
The Pumpkin Eclipse
The Pumpkin Eclipse
Executive Summary Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP). The incident took place over a 72-hour period between October 25-27, rendered the infected devices permanently inoperable, and required a hardware-based replacement. Public scan data Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP).
#lumen#EN#2024#IoT#routers#destructive#SOHO#ISP#72-hour#Chalubo
·blog.lumen.com·
The Pumpkin Eclipse
Eight Arms to Hold You: The Cuttlefish Malware
Eight Arms to Hold You: The Cuttlefish Malware
Executive Summary: The Black Lotus Labs team at Lumen Technologies is tracking a malware platform we’ve named Cuttlefish, that targets networking equipment, specifically enterprise-grade small office/home office (SOHO) routers. This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent local area network (LAN). A
#lumen#EN#2024#Cuttlefish#Malware#SOHO#routers#DNS-hijacking#sniffing#iot
·blog.lumen.com·
Eight Arms to Hold You: The Cuttlefish Malware