Cybersecurity researchers from Check Point Research (CPR) have discovered a new backdoor for home and office routers.

The backdoor, named Horse Shell, allows threat actors full control of the infected endpoint, the researchers say, as well as letting them stay hidden and giving access to the wider network. 

According to CPR, the group behind the attack is Camaro Dragon – a Chinese Advanced Persistent Threat (APT) group with direct links to the Chinese government. Its infrastructure also “significantly overlaps” with that of another state-sponsored Chinese attacker – Mustang Panda.

Targeting poorly secured devices

While the researchers found Horse Shell on TP-Link routers, they claim the malware is firmware-agnostic, and doesn’t target specific brands. Instead, a “wide range of devices and vendors may be at risk”, they say, suggesting that the attackers are more likely going for gear with known vulnerabilities, or with weak and easily guessable login credentials. 

They also couldn’t pinpoint exactly who the target of the campaign is. While Camaro Dragon sought to install Horse Shell on routers belonging to European foreign affairs entities, it’s difficult to say who they were going after. 

“Learning from history, router implants are often installed on arbitrary devices with no particular interest, with the aim to create a chain of nodes between the main infections and real command and control,” CPR explains. “In other words, infecting a home router does not mean that the homeowner was specifically targeted, but rather that they are only a means to a goal.”

To protect against Camaro Dragon, Mustang Panda, and other malicious actors, businesses should make sure to regularly update the firmware and software of routers and other devices; to regularly update passwords and other login credentials and use multi-factor authentication (MFA) whenever possible; and to use state-of-the-art endpoint protection solutions, firewalls, and other antivirus programs. 

Finally, businesses should educate their employees on the dangers of phishing and social engineering to make sure they don’t unknowingly share their login credentials with malicious individuals. 

Go to Source

Follow us on FacebookTwitter and InstagramWe are growing. Join our 6,000+ followers and us.

At will strive to help turn Tech Rookies into Pros!

Want more articles click Here!

Deals on Homepage!

M1 Finance is a highly recommended brokerage start investing today here!

WeBull. LIMITED TIME OFFER: Get 3 free stocks valued up to $6300 by opening & funding a #Webull brokerage account! “>Get started >Thanks for visiting!

Subscribe to our newsletters. Here! On the homepage

Tech Rookies Music Here!

Disclaimer: I get commissions for purchases made through links in this post at no charge to you and thanks for supporting Tech Rookies.

Disclosure: Links contain affiliates. When you buy through one of our links we will receive a commission. This is at no cost to you. Thank you for supporting

Disclaimer: This article is for information purposes and should not be considered professional investment advice. It contains some forward-looking statements that should not be taken as indicators of future performance. Every investor has a different risk profile and goals. All investments have risks. Always do your own research or hire an expert before investing and trading.