Network Security, Threat Intelligence

Quad7 botnet operation expands targeting, infrastructure

Share
Credit: Adobe Stock Images

More SOHO devices are being targeted by the Quad7 botnet operation, which has also been leveraging new backdoors and staging servers to better conceal distributed brute-force intrusions, according to BleepingComputer.

Thousands of TP-Link and ASUS routers have already been part of Quad7's major 'xlogin' and 'alogin' clusters, while nearly 300 Ruckus wireless devices have been compromised to be included in the 'rlogin' cluster that commenced in June, a report from Sekoia revealed. While there have been few to no Axentra network-attached storage devices and Zyxel VPN appliances infected by the botnet, more security flaws could be integrated to facilitate expanded attacks, said Sekoia researchers. Aside from increasing its targeting scope, Quad7 has moved to further obfuscate malicious activities by transitioning to the more advanced FsyNet tool for relaying attacks, as well as adopting the novel UPDTAE backdoor and netd binary. Quad7's advancing operations should prompt the implementation of up-to-date firmware security updates and robust passwords across SOHO devices, researchers added.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.