277,000 routers exposed to Eternal Silence attacks via UPnP


Level 37
Thread author
Top Poster
Feb 4, 2016
A malicious campaign known as 'Eternal Silence' is abusing Universal Plug and Play (UPnP) turns your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors.

UPnP is a connectivity protocol optionally available in most modern routers that allows other devices on a network to create port forwarding rules on a router automatically. This allows remote devices to access a particular software feature or device as necessary, with little configuration required by a user.

However, it is yet another technology that trades convenience for security, especially when the UPnP implementation is potentially vulnerable to attacks allowing remote actors to add UPnP port-forwarding entries via a device's exposed WAN connection.

Researchers from Akamai have spotted actors abusing this vulnerability to create proxies that hide their malicious operations, calling the attack UPnProxy.

Out of 3,500,000 UPnP routers found online, 277,000 are vulnerable to UPnProxy, and 45,113 of them have already been infected by hackers.

A new family of injections​

Akamai's analysts speculate that the actors attempt to exploit EternalBlue (CVE-2017-0144) and EternalRed (CVE-2017-7494) on unpatched Windows and Linux systems, respectively.

Leveraging these flaws can lead to an array of potential problems, including resource-consuming cryptominer infections, devastating worm-like attacks that quickly spread to entire corporate networks, or initial access to corporate networks.

The new rulesets defined by the hackers contain the phrase 'galleta silenciosa', which is Spanish for 'silent cookie'.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.