Security News NSA found Massive BotNet of routers, firewalls, NAS and IoT operated by PRC

Victor M

Level 13
Thread author
Verified
Top Poster
Well-known
Oct 3, 2022
614
The Federal Bureau of Investigation (FBI), Cyber National Mission Force (CNMF), and National Security Agency (NSA) assess that People’s Republic of China (PRC)-linked cyber actors have compromised many thousands of Internet-connected devices, including small office/home office (SOHO) routers, firewalls, network-attached storage (NAS) and Internet of Things (IoT) devices.

A variety of subdomains of “w8510.com” were linked to the botnet’s C2 servers. As of September 2024, investigators identified over 80 subdomains associated with w8510.com. ( IOC indicator of compromise )

infected systems include devices that ceased receiving support as early as 2016 to devices that are currently supported.Affected devices were running Linux kernel versions 2.6 through 5.4..

As of June 2024, the botnet consisted of over 260,000 devices. Victim devices which are part of the botnet have been observed in North America, South America, Europe, Africa, Southeast Asia and Australia.

People rely on endpoint telemetry, security agents, software updaters to provide information about software versions and apply patches. But when it comes to firmware — which doesn't support agents — they might not know that vulnerabilities exist in their network or may not have manually applied the patches.

CVE's and device manufacturers are listed in the article, along with suggested mitigations.
 
Last edited by a moderator:

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,152
The attached pdf article was released on 18 Sep 24

Just take a look at QNAP QTS/QuTS hero/QuTScloud being compromised. The versions were

QTS 5.1.x before 5.1.5.2645 build 20240116,
QuTS hero h5.1.x before h5.1.5.2647 build 20240118,
QuTScloud c5.x before c5.1.5.2651

If you checked at QNAP website one can see that new firmware versions already being released long time back to patch the vulnerabilities like

QTS 5.1.8.2823 build 20240712​



QuTS hero v5.2 is the latest release


QuTSCloud

QuTScloud c5.1.7.2739 build 20240419​


 

Victor M

Level 13
Thread author
Verified
Top Poster
Well-known
Oct 3, 2022
614
Some people also have this concept of hardware that it is 'computer chips and stuff' , not software and is not patchable.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top