TP-Link routers targeted by state-sponsored hackers with custom malware implant.

The Chinese state-sponsored hacking group "Camaro Dragon" has infected TP-Link routers with custom malware named "Horse Shell" to attack European foreign affairs organizations. The malware is deployed in a custom, malicious firmware image designed specifically for TP-Link routers, which lets the hackers launch attacks that appear to originate from residential networks. The implant gives the threat actors full access to the device: they can run shell commands, upload and download files, and use the router as a SOCKS proxy to relay communication between devices. Users are advised to apply the latest firmware update for their router model to patch any existing vulnerabilities and to change the default admin password to something strong.
- Hackers infect TP-Link router firmware to attack EU entities (BleepingComputer)
- Malware turns home routers into proxies for Chinese state-sponsored hackers (Ars Technica)
- The Dragon Who Sold His Camaro: Analyzing Custom Router Implant (Check Point Research)
- China's Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks (The Hacker News)
- Camaro Dragon APT Group Exploits TP-Link Routers With Custom Implant (Infosecurity Magazine)