ZuoRAT Malware Targets SOHO Routers To Infiltrate Networks

Researchers from Lumen’s Black Lotus Labs threat intelligence unit have discovered a remote access trojan (RAT) called ZuoRAT. The malware targets remote employees by exploiting vulnerabilities in unpatched small office/home office (SOHO) routers.

The researchers estimate that at least 80 targets were affected by the campaign.

Lumen believes that the capabilities of the malware suggest that it was the work of a highly sophisticated actor.

These capabilities include “gaining access to SOHO devices of different makes and models, collecting host and LAN information to inform targeting, sampling and hijacking network communications to gain potentially persistent access to in-land devices, and intentionally stealth C2 infrastructure leveraging multistage siloed router to router communications.”

Lumen admits, however, that it has limited insight into the broader capabilities of the actor, but Lumen’s researchers are “confident” that the elements it is tracking are part of a broader campaign.

SOHO router manufacturers compromised include ASUS, Cisco, DrayTek, and Netgear.

The sources for this piece include an article in ZDNet.

ZuoRAT Malware Targets SOHO Routers To Infiltrate Networks

Top Stories

OpenAI pauses ChatGPT erotic mode “indefinitely”

Researcher Says “APT” Label No Longer Reflects the Threat Landscape

How do you select a graph database? – Part 1

OpenAI plans major hiring push as competition intensifies

Intel to raise CPU prices by 10% as AI demand strains supply

Microsoft scales back Copilot integrations across Windows apps

Related Articles

OpenAI pauses ChatGPT erotic mode “indefinitely”

U.S. lawmakers propose pause on AI datacentre expansion

Roblox safety measures face scrutiny despite new age verification rollout

Wikipedia bans AI-generated content in articles, allows limited editing use

TND Newsdesk

TND Newsdesk

Jim Love

Follow Us

Popular categories

Tech News Delivered