Subscribe

ZuoRAT Malware Targets SOHO Routers To Infiltrate Networks

June 30, 2022

Researchers from Lumen’s Black Lotus Labs threat intelligence unit have discovered a remote access trojan (RAT) called ZuoRAT. The malware targets remote employees by exploiting vulnerabilities in unpatched small office/home office (SOHO) routers.

The researchers estimate that at least 80 targets were affected by the campaign.

Lumen believes that the capabilities of the malware suggest that it was the work of a highly sophisticated actor.

These capabilities include “gaining access to SOHO devices of different makes and models, collecting host and LAN information to inform targeting, sampling and hijacking network communications to gain potentially persistent access to in-land devices, and intentionally stealth C2 infrastructure leveraging multistage siloed router to router communications.”

Lumen admits, however, that it has limited insight into the broader capabilities of the actor, but Lumen’s researchers are “confident” that the elements it is tracking are part of a broader campaign.

SOHO router manufacturers compromised include ASUS, Cisco, DrayTek, and Netgear.

The sources for this piece include an article in ZDNet.

Top Stories

Anthropic says AI now writes over 90% of the code behind Claude

Lenovo bets on a post-VMware world with new multi-hypervisor FX systems

Anthropic launches AI healthcare tools amid OpenAI competition

Apple taps Google’s Gemini to strengthen AI push including Siri upgrade

Canadian startup Kepler launches commercially operational optical satellites

Grok generating non-consensual sexualized images in thousands hourly, researcher finds 

Related Articles

Anthropic says AI now writes over 90% of the code behind Claude

January 14, 2026 Anthropic says that more than 90 per cent of the software powering new versions of Claude is more...

Lenovo bets on a post-VMware world with new multi-hypervisor FX systems

January 14, 2026 Lenovo is repositioning itself for a world where enterprise customers no longer want to be locked into more...

U.S. CISA warns of actively exploited bug in HPE OneView

January 14, 2026 A maximum-severity vulnerability in Hewlett-Packard Enterprise’s OneView management software is now being actively exploited. This has prompted more...

Anthropic launches AI healthcare tools amid OpenAI competition

January 14, 2026 Anthropic is pushing deeper into healthcare with a new suite of AI tools aimed at doctors, insurers more...

Picture of TND Newsdesk

TND Newsdesk

Picture of TND Newsdesk

TND Newsdesk

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.