ZuoRAT Malware Targets SOHO Routers To Infiltrate Networks

June 30, 2022

Researchers from Lumen’s Black Lotus Labs threat intelligence unit have discovered a remote access trojan (RAT) called ZuoRAT. The malware targets remote employees by exploiting vulnerabilities in unpatched small office/home office (SOHO) routers.

The researchers estimate that at least 80 targets were affected by the campaign.

Lumen believes that the capabilities of the malware suggest that it was the work of a highly sophisticated actor.

These capabilities include “gaining access to SOHO devices of different makes and models, collecting host and LAN information to inform targeting, sampling and hijacking network communications to gain potentially persistent access to in-land devices, and intentionally stealth C2 infrastructure leveraging multistage siloed router to router communications.”

Lumen admits, however, that it has limited insight into the broader capabilities of the actor, but Lumen’s researchers are “confident” that the elements it is tracking are part of a broader campaign.

SOHO router manufacturers compromised include ASUS, Cisco, DrayTek, and Netgear.

The sources for this piece include an article in ZDNet.

Top Stories

Related Articles

June 26, 2026 Polaroid has launched a new advertising campaign criticizing data centre water consumption as concerns about the environmental more...

June 26, 2026 Opposition to large-scale data centre developments tied to the artificial intelligence boom is beginning to influence U.S. more...

June 26, 2026 Meta's chief technology officer says employee morale has fallen to one of the lowest levels in the more...

June 26, 2026 Memory chip maker Micron says it has signed 16 long-term strategic customer agreements that include price floors more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn