Showing posts from March 31, 2020

Hackers Exploiting Two 0-Day Bugs in DrayTek Routers & Create A Backdoor in Enterprise Networks

Researchers observed two new hacker groups abusing two zero-day vulnerabilities in DrayTek routers to exploit enterprise network routers and perform a series of attacks. We recently reported a similar attack in which hackers hijack home routers and change the DNS settings to implant malware via a malicious website. This is another new wave of attacks in which attackers use zero-day bugs to perform attacks including eavesdropping on the device’s network traffic, running SSH services on high ports, creating system backdoor accounts, and implanting a specific malicious Web Session backdoor. The ongoing zero-day attack was initially disclosed on December 25, 2019, with an indicator of compromise (IOC), and it is highly weaponized in nature.

360 Netlab @360Netlab #0-day Since 2019-12-04 08:22:29 (UTC), we have been witnessing ongoing 0 day attack targeting a network CPE vendor (not the big players, but there are about ~100,000 devices online according to p