Security News NSA found Massive BotNet of routers, firewalls, NAS and IoT operated by PRC

Victor M

Oct 3, 2022
The Federal Bureau of Investigation (FBI), Cyber National Mission Force (CNMF), and National Security Agency (NSA) assess that People’s Republic of China (PRC)-linked cyber actors have compromised many thousands of Internet-connected devices, including small office/home office (SOHO) routers, firewalls, network-attached storage (NAS) and Internet of Things (IoT) devices.

A variety of subdomains of “w8510.com” were linked to the botnet’s C2 servers. As of September 2024, investigators identified over 80 subdomains associated with w8510.com. (IOC: indicator of compromise)

Infected systems include devices that ceased receiving support as early as 2016 as well as devices that are currently supported. Affected devices were running Linux kernel versions 2.6 through 5.4.

As of June 2024, the botnet consisted of over 260,000 devices. Victim devices which are part of the botnet have been observed in North America, South America, Europe, Africa, Southeast Asia and Australia.

People rely on endpoint telemetry, security agents and software updaters to provide information about software versions and apply patches. But when it comes to firmware — which doesn't support agents — they might not know that vulnerabilities exist in their network, or may not have manually applied the patches.

CVEs and device manufacturers are listed in the article, along with suggested mitigations.

HarborFront

Oct 9, 2016
The attached PDF article was released on 18 Sep 24.

Just take a look at QNAP QTS/QuTS hero/QuTScloud being compromised. The versions were:

QTS 5.1.x before 5.1.5.2645 build 20240116,
QuTS hero h5.1.x before h5.1.5.2647 build 20240118,
QuTScloud c5.x before c5.1.5.2651

If you check the QNAP website, one can see that new firmware versions were already released a long time back to patch the vulnerabilities, like:

QTS 5.1.8.2823 build 20240712

QuTS hero v5.2 is the latest release

QuTScloud c5.1.7.2739 build 20240419
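An added example, not from the post or from QNAP: a version check that turns the three "before" thresholds quoted above into a fleet audit. It parses QNAP's `<h|c><dotted version> build <YYYYMMDD>` strings, keeps each check to the release line the advisory names (5.1.x, h5.1.x, c5.x), and falls back to the build date when the numeric version ties. The hostnames and the 5.1.4 / h5.1.5-build-20240117 versions in the sample inventory are constructed.

```python
import re
from typing import NamedTuple, Optional

# First fixed build as quoted in the post, plus the release line its "before" clause covers.
FIXED = {
    "QTS": ("5.1.5.2645 build 20240116", (5, 1)),
    "QuTS hero": ("h5.1.5.2647 build 20240118", (5, 1)),
    "QuTScloud": ("c5.1.5.2651", (5,)),
}

# Optional h/c product prefix, dotted numeric version, optional "build YYYYMMDD".
VERSION_RE = re.compile(r"^[hc]?(\d+(?:\.\d+)*)(?:\s+build\s+(\d{8}))?$")


class QnapVersion(NamedTuple):
    parts: tuple
    build: Optional[int]


def parse_version(text: str) -> QnapVersion:
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised QNAP version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return QnapVersion(parts, int(m.group(2)) if m.group(2) else None)


def is_vulnerable(product: str, installed: str) -> bool:
    """True if `installed` sits inside the affected range quoted for `product`."""
    fixed_text, branch = FIXED[product]
    inst, fixed = parse_version(installed), parse_version(fixed_text)
    if inst.parts[: len(branch)] != branch:
        return False  # another release line, outside the quoted "before" clause
    width = max(len(inst.parts), len(fixed.parts))
    a = inst.parts + (0,) * (width - len(inst.parts))  # pad so 5.1.5 vs 5.1.5.2645 compares
    b = fixed.parts + (0,) * (width - len(fixed.parts))
    if a != b:
        return a < b
    # Same numeric version: the build date decides when both sides carry one.
    if inst.build is not None and fixed.build is not None:
        return inst.build < fixed.build
    return False


def audit(inventory: dict) -> list:
    """Names of inventory entries (name -> (product, version)) still on an affected build."""
    return [n for n, (prod, ver) in inventory.items() if is_vulnerable(prod, ver)]


if __name__ == "__main__":
    sample = {  # constructed inventory; nas-01 and nas-03 versions are made up
        "nas-01": ("QTS", "5.1.4.2596 build 20231128"),
        "nas-02": ("QTS", "5.1.8.2823 build 20240712"),
        "nas-03": ("QuTS hero", "h5.1.5.2647 build 20240117"),
        "cloud-01": ("QuTScloud", "c5.1.7.2739 build 20240419"),
    }
    print(audit(sample))
```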


 

Victor M

Oct 3, 2022
Some people also have this concept of hardware, that it is 'computer chips and stuff', not software, and is not patchable.