- Mar 13, 2022
- 599
Hiatus hacking campaign has infected roughly 100 Draytek routers.
Researchers have uncovered advanced malware that’s turning business-grade routers into attacker-controlled listening posts that can sniff email and steal files in an ongoing campaign hitting North and South America and Europe.
Besides passively capturing IMAP, SMTP, and POP email, the malware also backdoors routers with a remote access Trojan that allows the attackers to download files and run commands of their choice. The backdoor also enables attackers to funnel data from other servers through the router, turning the device into a covert proxy for concealing the true origin of malicious activity.
Threat actors are using advanced malware to backdoor business-grade routers
Hiatus hacking campaign has infected roughly 100 Draytek routers.
arstechnica.com