Article 6BRW0 Malware turns home routers into proxies for Chinese state-sponsored hackers


by Dan Goodin, from Ars Technica - All content (#6BRW0)
(Image credit: Getty Images)

Researchers on Tuesday unveiled a major discovery: malicious firmware that can wrangle a wide range of residential and small office routers into a network that stealthily relays traffic to command-and-control servers maintained by Chinese state-sponsored hackers.

A firmware implant, revealed in a write-up from Check Point Research, contains a full-featured backdoor that allows attackers to establish communications and file transfers with infected devices, remotely issue commands, and upload, download, and delete files. The implant came in the form of firmware images for TP-Link routers. The well-written C++ code, however, took pains to implement its functionality in a "firmware-agnostic" manner, meaning it would be trivial to modify it to run on other router models.

Not the ends, just the means

The main purpose of the malware appears to be relaying traffic between an infected target and the attackers' command-and-control servers in a way that obscures the origins and destinations of the communication. With further analysis, Check Point Research eventually discovered that the control infrastructure was operated by hackers tied to Mustang Panda, an advanced persistent threat actor that both the Avast and ESET security firms say works on behalf of the Chinese government.
