
Hackers are Targeting Routers Across the Globe


When hackers identify an unsecured router, they compromise it by installing malware that gives them persistence, the ability to launch distributed denial of service (DDoS) attacks, a place to hide malicious data, and more. But what happens when the hackers discover a router that has already been infiltrated by a rival gang?

A report published by Trend Micro cybersecurity researchers found that one of two things happens: either one party lets the other use the compromised infrastructure for a fee, or each finds its own technique to break into the device and they use it simultaneously.

The researchers used Ubiquiti's EdgeRouters as an example of internet routers exploited concurrently by several hacker groups, some state-sponsored and others financially motivated.

“Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult,” the researchers stated. “This shared interest results in malicious internet traffic blending financial and espionage motives.” 

In the case of Ubiquiti, Trend Micro analysts reported that APT28 leveraged the endpoints for "persistent espionage campaigns." APT28 is a Russian state-sponsored group also known as Fancy Bear or Pawn Storm. At the same time, the analysts found a financially motivated group known as the Canadian Pharmacy Gang using the same infrastructure to launch pharmaceutical-related phishing campaigns. Finally, they found the Ngioweb malware, attributed to the Ramnit group, being loaded directly into the RAM of these devices.

The main reason EdgeRouters were targeted so often was that their owners either left them completely undefended or protected them only weakly. In that respect they do not stand out much from other routers, which are equally desirable targets for hackers. Trend Micro attributes this to routers having less stringent password requirements, being rarely updated, and running powerful operating systems that can be utilised for a variety of purposes.

US Think Tank Struck by Cyberattack


The Heritage Foundation, a prominent conservative think tank based in Washington, DC, revealed on Friday that it had fallen victim to a cyberattack earlier in the week. Efforts to mitigate the attack's effects were still under way, and the organization did not yet know whether any data had been breached.

Although the exact extent of the breach remained unclear, the foundation took proactive measures by temporarily shutting down its network to prevent further infiltration while launching an investigation into the incident.

Initial reports of the cyberattack surfaced through Politico, citing a Heritage official who speculated that the perpetrators could be nation-state hackers. However, no concrete evidence was provided to substantiate this claim. Heritage spokesperson Noah Weinrich declined to comment, both by email on Thursday and when approached by TechCrunch on Friday.

Founded in 1973, the Heritage Foundation has emerged as a significant force in conservative advocacy and policymaking, exerting considerable influence within Republican circles. Yet its prominence also makes it a prime target for cyber threats: think tanks are attractive targets for cyber espionage because of their close ties to government entities and policymaking processes.

This incident marks another instance in which Heritage has faced cyber adversity, reminiscent of a 2015 attack that resulted in the unauthorized access and theft of internal emails and sensitive donor information.