Cyber-Espionage Groups Are Increasingly Leveraging Routers in Their Attacks

Faybert

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,320
Content source
https://www.bleepingcomputer.com/news/security/cyber-espionage-groups-are-increasingly-leveraging-routers-in-their-attacks/
Cyber-espionage groups —also referred to as advanced persistent threats (APTs)— are using hacked routers more and more during their attacks, according to researchers at Kaspersky Lab.

"It's not necessarily something new. Not something that just exploded," said Costin Raiu, director of Global Research and Analysis Team (GReAT) at Kaspersky Lab, in a webinar today.

"We've seen a bunch of router attack throughout the years. A very good example is SYNful Knock, a malicious implant for Cisco [routers] that was discovered by FireEye but also threat actors such as Regin and CloudAtlas. Both APTs have been known to have and own proprietary router implants."
The number of APTs using router hacks has increased
But the number of APTs leveraging routers for attacks has gone steadily up in the past year, and the tactic has become quite widespread in 2018.

For example, the Slingshot APT (believed to be a US Army JSOC operation targeting ISIS militants) has used hacked MikroTik routers to infect victims with malware.

Similarly, the Inception Framework APT, another nation-state-backed cyber-espionage operation, hacked home routers and built a network of proxies it could hide behind using an attack known as UPnProxy.
..........
..........
Click to expand...
Raiu: A lot of things happening in the background
LuckyMouse is a new APT. There is no public report detailing the LuckyMouse APT's activity, but this is one of the few cases where researchers have managed to link router hacks to a cyber-espionage group's operations. More incidents still need to be investigated, such as the mysterious case of synchronized router reboots.

"One thing interesting in Q1 [2018], we've seen a Govcert advisory on unusual reboots for a prominent router brand. In some cases, these reboots were taking place at the pretty much the same minute across multiple devices deployed in infrastructures, suggesting that it's somehow coordinated," Raiu said today.
........
........
Click to expand...
 
  • Like
Reactions: Mariihh and harlan4096
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
    • Thanks
TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments
Replies
0
Views
1,096
News Archive
silversurfer
silversurfer
[correlate]
    • Like
Mandiant details Chinese cyber espionage hackers evolve stealth tactics to avoid detection
Replies
0
Views
1,041
News Archive
[correlate]
[correlate]
[correlate]
    • Like
China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors
Replies
0
Views
1,179
News Archive
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top