Communications of the ACM

ACM TechNews

Hacker Group Is Eavesdropping on Corporate Email, FTP Traffic


Eavesdropping on passing traffic.

A hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks since at least December, according to Chinese security firm Qihoo 360.

Credit: trendmicro.com

The Chinese security firm Qihoo 360 reports that a hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks since at least early December.

Qihoo researchers detected two different threat actors that each exploited a different zero-day vulnerability.

Attack Group A, the more sophisticated of the two, took advantage of a vulnerability in the RSA-encrypted login mechanism of DrayTek devices to hide malicious code inside the router's username login field.

Attack Group B exploited a zero-day vulnerability in the "rtick" process to create backdoor accounts on the hacked routers.

In response, DrayTek released firmware patches, including one for a now-discontinued router model, on Feb. 10.

From ZDNet

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 
