CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

China’s Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks

admin by admin
May 17, 2023
in Information Security


May 16, 2023Ravie LakshmananNetwork Security / Threat Intel

The Chinese nation-state actor known as Mustang Panda has been linked to a new set of sophisticated and targeted attacks aimed at European foreign affairs entities since January 2023.

An analysis of these intrusions, per Check Point researchers Itay Cohen and Radoslaw Madej, has revealed a custom firmware implant designed explicitly for TP-Link routers.

“The implant features several malicious components, including a custom backdoor named ‘Horse Shell’ that enables the attackers to maintain persistent access, build anonymous infrastructure, and enable lateral movement into compromised networks,” the company said.

“Due to its firmware-agnostic design, the implant’s components can be integrated into various firmware by different vendors.”

Cybersecurity

The Israeli cybersecurity firm is tracking the threat group under the name Camaro Dragon, which is also known as BASIN, Bronze President, Earth Preta, HoneyMyte, RedDelta, and Red Lich.

The exact method used to deploy the tampered firmware images on the infected routers is currently unknown, as is its usage and involvement in actual attacks. It’s suspected that initial access may have been acquired by exploiting known security flaws or brute-forcing devices with default or easily guessable passwords.

What is known is that the C++-based Horse Shell implant provides attackers the ability to execute arbitrary shell commands, upload and download files to and from the router, and relay communication between two different clients.

Exploit TP-Link Routers

But in an interesting twist, the router backdoor is believed to target arbitrary devices on residential and home networks, suggesting that the compromised routers are being co-opted into a mesh network with the goal of creating a “chain of nodes between main infections and real command-and-control.”

In relaying communications between infected routers by using a SOCKS tunnel, the idea is to introduce an additional layer of anonymity and conceal the final server, as each node in the chain contains information only about the nodes preceding and succeeding it.

Put differently, the methods obscure the origin and destination of the traffic in a manner analogous to TOR, making it a lot more challenging to detect the scope of the attack and disrupt it.

“If one node in the chain is compromised or taken down, the attacker can still maintain communication with the C2 by routing traffic through a different node in the chain,” the researchers explained.

UPCOMING WEBINAR

Learn to Stop Ransomware with Real-Time Protection

Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.

Save My Seat!

That said, this is not the first time China-affiliated threat actors have relied on a network of compromised routers to meet their strategic objectives.

In 2021, the National Cybersecurity Agency of France (ANSSI) detailed an intrusion set orchestrated by APT31 (aka Judgement Panda or Violet Typhoon) that leveraged a piece of advanced malware known as Pakdoor (or SoWat) to allow the infected routers to communicate with each other.

“The discovery is yet another example of a long-standing trend of Chinese threat actors to exploit internet-facing network devices and modify their underlying software or firmware,” the researchers said.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

AWS completes the 2023 Cyber Essentials Plus certification and NHS Data Security and Protection Toolkit assessment

Next Post

Navigating the Four Stages of IT Management

Related Posts

Information Security

Researchers Unveal GuLoader Malware’s Latest Anti-Analysis Techniques

by admin
December 9, 2023
Information Security

2023 ISO and CSA STAR certificates now available with ISO 27001 transition from 2013 to 2022 version

by admin
December 9, 2023
Information Security

Founder of Bitzlato Cryptocurrency Exchange Pleads Guilty in Money-Laundering Scheme

by admin
December 8, 2023
Information Security

Simplify workforce identity management using IAM Identity Center and trusted token issuers

by admin
December 8, 2023
Information Security

New Stealthy ‘Krasue’ Linux Trojan Targeting Telecom Firms in Thailand

by admin
December 7, 2023
Next Post

Navigating the Four Stages of IT Management

Recommended

Innovateviastronggovernance

December 9, 2023

Technology Innovation of the Year for Summit’s Service Automation Solution

December 9, 2023

Researchers Unveal GuLoader Malware’s Latest Anti-Analysis Techniques

December 9, 2023

2023 ISO and CSA STAR certificates now available with ISO 27001 transition from 2013 to 2022 version

December 9, 2023

6 Main Points Gartner® Avoided in the Market Guide™

December 8, 2023

Founder of Bitzlato Cryptocurrency Exchange Pleads Guilty in Money-Laundering Scheme

December 8, 2023

© CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.