"Thousands of Asus routers have been hacked and are under the control of a suspected China-state group that has yet to reveal its intentions for the mass compromise, researchers said. The hacking spree is either primarily or exclusively targeting seven models of Asus routers, all of which are no longer supported by the manufacturer, meaning they no longer receive security patches, researchers from SecurityScorecard said. So far, it's unclear what the attackers do after gaining control of the devices. SecurityScorecard has named the operation WrtHug."
"SecurityScorecard said it suspects the compromised devices are being used similarly to those found in ORB (operational relay box) networks, which hackers primarily use to conduct espionage to conceal their identity. "Having this level of access may enable the threat actor to use any compromised router as they see fit," SecurityScorecard said. "Our experience with ORB networks suggests compromised devices will commonly be used for covert operations and espionage, unlike DDoS attacks and other types of overt malicious activity typically observed from botnets.""
Thousands of Asus routers have been hacked and are under the control of a suspected China-state group. The campaign primarily targets seven unsupported Asus router models that no longer receive security patches. The attackers' purpose after gaining control remains unclear. The operation has been named WrtHug. Compromised devices appear to be used similarly to ORB (operational relay box) networks, enabling covert operations and espionage rather than overt attacks like DDoS. Infections are concentrated in Taiwan with smaller clusters across South Korea, Japan, Hong Kong, Russia, central Europe, and the United States. Similar state-run ORB campaigns have been linked to China and Russia in prior years.
Read at Ars Technica
Unable to calculate read time
Collection
[
|
...
]