- Oct 3, 2022
- 614
- Content source
- https://www.ic3.gov/Media/News/2024/240918.pdf
The Federal Bureau of Investigation (FBI), Cyber National Mission Force (CNMF), and National Security Agency (NSA) assess that People’s Republic of China (PRC)-linked cyber actors have compromised many thousands of Internet-connected devices, including small office/home office (SOHO) routers, firewalls, network-attached storage (NAS) and Internet of Things (IoT) devices.
A variety of subdomains of “w8510.com” were linked to the botnet’s C2 servers. As of September 2024, investigators identified over 80 subdomains associated with w8510.com. ( IOC indicator of compromise )
infected systems include devices that ceased receiving support as early as 2016 to devices that are currently supported.Affected devices were running Linux kernel versions 2.6 through 5.4..
As of June 2024, the botnet consisted of over 260,000 devices. Victim devices which are part of the botnet have been observed in North America, South America, Europe, Africa, Southeast Asia and Australia.
People rely on endpoint telemetry, security agents, software updaters to provide information about software versions and apply patches. But when it comes to firmware — which doesn't support agents — they might not know that vulnerabilities exist in their network or may not have manually applied the patches.
CVE's and device manufacturers are listed in the article, along with suggested mitigations.
Last edited by a moderator: