Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers
Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure.
Disclosed by Tenable on August 3, the issue is believed to have existed for at least 10 years, affecting at least 20 models across 17 different vendors, including Asus, Beeline, British Telecom, Buffalo, Deutsche Telekom, Orange, Telstra, Telus, Verizon, and Vodafone.
Successful exploitation of the vulnerability could enable an attacker to circumvent authentication barriers and potentially gain access to sensitive information, including valid request tokens, which could then be used to make requests that alter router settings.
Unit 42’s report had previously uncovered as many as six known and three unknown security flaws that were exploited in the attacks, including those targeting SonicWall SSL-VPNs, D-Link DNS-320 firewalls, Netis WF2419 wireless routers, and Netgear ProSAFE Plus switches.
To avoid any potential compromise, users are recommended to update their router firmware to the latest version.
Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel
A Chinese cyber espionage group has been linked to a string of intrusion activities targeting Israeli government institutions, IT providers, and telecommunications companies at least since 2019.
«The group targets data and organizations which are of great interest to Beijing’s financial, diplomatic, and strategic objectives,» the researchers said, the findings reflecting a relentless appetite for defense-related secrets among hacking groups.
Early attacks perpetrated by the collective are said to have exploited a Microsoft SharePoint vulnerability as a stepping stone toward infiltrating government and academic networks to deploy web shells and FOCUSFJORD payloads at targets in the Middle East and Central Asia. First described by the NCC Group in 2018, FOCUSFJORD, also called HyperSSL and Sysupdate, is a backdoor that’s part of an arsenal of tools put to use by the Emissary Panda actor.
What’s more, in a 2019 operation against an Israeli government network, UNC215 obtained access to the primary target via remote desktop protocol connections from a trusted third party using stolen credentials, abusing that access to deploy and remotely execute the FOCUSFJORD malware, the cybersecurity firm noted.
«The activity demonstrates China’s consistent strategic interest in the Middle East,» the researchers concluded.
Stay Focused. Stay Vigilant.
Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT