1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Quad7 botnet expands, adding SOHO and VPN routers, media servers

    From TechnologyDaily@1337:1/100 to All on Tue Sep 10 15:45:05 2024
    Quad7 botnet expands, adding SOHO and VPN routers, media servers

    Date:
    Tue, 10 Sep 2024 15:33:00 +0000

    Description:
    Botnet is also getting better at staying hidden and operating effectively.

    FULL STORY ======================================================================

    The operators of the Quad7 botnet have been busy, adding new features and expanding their attack surface, according to multiple security researchers
    who have been keeping tabs on the malwares recent evolution.

    Quad7 was first spotted by a researcher alias Gi7w0rm, and experts from Sekoia, when it was only observed targeting TP-Link routers. However, during the following weeks, Quad7 (which was named so for targeting port 7777), expanded to ASUS routers, and now has been observed on Zyxel VPN endpoints, Ruckus wireless routers, and Axentra media servers.

    To compromise these endpoints, a custom malware was written, the researchers further explained. For different types of devices, the botnet has different clusters. Each cluster is a variant of *login, it was explained, with Ruckus, for example, having the rlogin cluster. Other clusters include xlogin,
    alogin, axlogin, and zylogin. Some clusters are relatively large, counting thousands of assimilated devices. Others are smaller, counting as little as two infections. Mnemonic keys and seed phrases

    The researchers dont know the reason for such a small number on some of these clusters, and speculate that they still might be in an experimental phase,
    and that their numbers might mushroom once theyre ready to be deployed.

    The goal of the campaign is also a mystery, but its most likely use case is for distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts.

    Besides expanding, the botnet also improved in terms of communications and obfuscation. Apparently, it is a lot better when it comes to evading detection, as well as operational effectiveness.

    The best way to defend against this type of botnets is to always keep the firmware and software of the devices up to date. If an endpoint is older and no longer supported by the OEM, replacing it with a newer model is the best way to go.

    Via BleepingComputer More from TechRadar Pro This malware botnet bricked
    over 600,000 routers in coordinated attack but no one is really sure why Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/quad7-botnet-expands-adding-soho-and-vp n-routers-media-servers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)