Over 300 orgs compromised through several DrayTek exploits

Several undocumented DrayTek Vigor router vulnerabilities have been exploited by ransomware operations to compromise over 300 organizations as part of an attack campaign between August and September 2023, reports SecurityWeek.

Intrusions were initially conducted by the Monstrous Mantis operation, which exfiltrated DrayTek device credentials and later shared them with its partners Ruthless Mantis, also known as PTI-288, and LARVA-15, also known as Wazawaka, according to an analysis from Forescout. While the REvil-linked Ruthless Mantis leveraged the credentials to facilitate Qilin and Nokoyawa ransomware infections across at least 337 organizations, primarily in the Netherlands and the UK, LARVA-15 went on to resell the credentials to other threat actors after compromising organizations in the UK, the Netherlands, Taiwan, France, Germany, Italy, Poland, and Turkey, researchers said. "By selectively sharing decrypted credentials with trusted partners, Monstrous Mantis maintained tight control over victim allocation and ensured operational secrecy. This strategy allowed them to profit indirectly from ransomware attacks executed by their partners while minimizing their own exposure," said the report.
