The Chinese security firm Qihoo 360 reports that attackers have been taking over DrayTek enterprise routers since at least early December 2019 to eavesdrop on FTP and email traffic inside corporate networks.
Qihoo researchers detected two different threat actors that each exploited a different zero-day vulnerability.
Attack Group A, the more sophisticated of the two, abused a flaw in the RSA-encrypted login mechanism of DrayTek devices, smuggling malicious code through the username field of the router's login form.
Attack Group B exploited a separate zero-day vulnerability in the "rtick" process to create backdoor accounts on the compromised routers.
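The two attack classes in the abstract correspond to two defensive checks: never splice a login field into a shell command, and audit the router's account list for entries nobody created. The following is an added illustrative example, not code from the article, Qihoo 360 or DrayTek; the login helper, its command line, the username allowlist and the sample account listing are all constructed for this demonstration and make no claim about how DrayTek firmware actually works.

```python
"""Illustrative analogue of the two attack classes described above.
Constructed example: the auth command, the allowlist and the sample
inputs are assumptions, not DrayTek code or data."""
import re
import subprocess

# Assumption: a strict allowlist is a sensible rule for router admin
# names; the real DrayTek username rules are not stated on the page.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


def unsafe_auth(username: str) -> str:
    """Vulnerable pattern: the (decrypted) username is spliced into a
    shell string, so shell metacharacters in the field run as commands.
    'echo' stands in for a real auth helper so this runs offline."""
    cmd = f"echo auth -u {username}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def safe_auth(username: str) -> str:
    """Hardened form: validate against the allowlist first, then pass
    the value as a single argv element with no shell in between."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    out = subprocess.run(["echo", "auth", "-u", username],
                         capture_output=True, text=True)
    return out.stdout


def unexpected_accounts(account_listing: str, baseline: set) -> list:
    """Backdoor-account check: diff a 'name:role' listing against a
    known-good baseline and return any account not in the baseline."""
    strays = []
    for line in account_listing.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name = line.split(":", 1)[0]
        if name not in baseline:
            strays.append(name)
    return strays


# Constructed sample inputs.
INJECTED = "admin; echo INJECTED"
SAMPLE_ACCOUNTS = """\
# name:role
admin:administrator
netops:administrator
svc_backup:administrator
"""
BASELINE = {"admin", "netops"}

if __name__ == "__main__":
    print(unsafe_auth(INJECTED), end="")   # the second command runs
    try:
        safe_auth(INJECTED)
    except ValueError as err:
        print(err)
    print(safe_auth("admin"), end="")
    print(unexpected_accounts(SAMPLE_ACCOUNTS, BASELINE))
```

The allowlist rejects the payload before any process is spawned, and building argv directly means a value that slips past validation still cannot terminate the command; the account diff is the kind of periodic check that would have surfaced Group B's added accounts.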
In response, DrayTek released firmware patches on Feb. 10, including one for a router model that has since been discontinued.
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA