Devices hijacked to botnet

    From Mike Powell@1:2320/105 to All on Saturday, March 01, 2025 12:55:00
    Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet

    Date:
    Fri, 28 Feb 2025 16:14:00 +0000

    Description:
    The goal of the botnet has not yet been determined, but many devices are
    under threat.

    FULL STORY ======================================================================
    - Sekoia spots hackers abusing a known flaw in Cisco devices
    - This leads to the discovery of a botnet called PolarEdge
    - Most victims are found in the US, but the botnet is "most prevalent" in
    Asia and South America

    A previously-undocumented botnet has been expanding around the world for more than a year, targeting a range of Cisco, ASUS, QNAP, and Synology devices, experts have warned.

    Cybersecurity researchers Sekoia observed the attacks on their honeypot, and used the information to detail the campaign, its infrastructure, and targets.

    In its report, Sekoia said that as of late 2023, it spotted an unnamed
    threat actor targeting devices vulnerable to CVE-2023-20118 - an improper
    user input validation bug affecting different Cisco Small Business Routers.
    The flaw allowed them to execute arbitrary commands on the affected devices, pulling a malicious payload from a Huawei Cloud server located in Singapore. Digging deeper, Sekoia found traces of the campaign targeting devices from other manufacturers as well. They named the botnet PolarEdge, and confirmed that at least 2,000 endpoints around the world were infected.

    Endgame unknown

    The botnet's goal is unknown at this time, the researchers said.

    "The purpose of this botnet has not yet been determined. Cross-checking the IP addresses with our telemetry has not revealed any specific activity," the
    report reads.

    Usually, cybercriminals would develop a network of infected devices to either run Distributed Denial of Service (DDoS) attacks, set up a residential proxy, run spam and phishing campaigns, spread malware, or engage in click fraud.

    The majority of the victims are found in the US, but Sekoia says the botnet appears to be particularly prevalent in Asia and South America, although it cannot be certain if this was a deliberate move by the attackers, or just coincidence.

    Despite infecting a relatively small number of devices, Sekoia still deemed PolarEdge a dangerous threat.

    "The botnet exploits multiple vulnerabilities across different types of equipment, highlighting its ability to target various systems," the report concludes.

    The complexity of the payloads further underscores the sophistication of the operation, suggesting that it is being conducted by skilled operators. This indicates that PolarEdge is a well-coordinated and substantial cyber threat.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cisco-asus-qnap-and-synology-devices-hijacked-to-major-botnet

    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)