China-Backed Hackers' New Malware Turns WiFi Routers Into Malicious Proxy; CPR Shares Details

Small office and residential routers are their main targets.

China-backed hackers are using new malware that can turn routers into malicious proxies.

In this file photo taken on August 04, 2020, Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, uses his computer at their office in Dongguan, China's southern Guangdong province. NICOLAS ASFOURI/AFP via Getty Images

Check Point Research, a leading cyberthreat intelligence organization, confirmed this new discovery in its official report.

"Over the past few months, Check Point Research has closely monitored a series of targeted attacks aimed at European foreign affairs entities," said the cybersecurity agency via its official blog post.

CPR added that these campaigns are linked to a Chinese state-sponsored APT group, which it calls the Camaro Dragon.

China-Backed Hackers' New Malware Turns WiFi Routers Into Malicious Proxy

According to Ars Technica's latest report, the new malware is used by Chinese state-backed hackers to target routers in small offices and residential areas.

In this file photo taken on August 04, 2020, Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, uses a website that monitors global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province. NICOLAS ASFOURI/AFP via Getty Images

This new malicious firmware allows them to turn WiFi routers into a network that stealthily relays traffic to command-and-control servers.

CPR stated that the new malware contains a full-featured backdoor. This enables malicious actors to establish communications, as well as file transfers with infected devices.

In addition, the new malware can be used to remotely issue commands and to delete, download, and upload files.

Check Point Research experts said that the malware was discovered in the form of firmware images for TP-Link routers.

Main Purpose of the New Malware

Check Point Research explained that the malware's main purpose appears to be sending traffic between infected routers.

However, the cybersecurity intelligence agency discovered that the control infrastructure was operated by hackers connected to Mustang Panda, an advanced threat actor that works on behalf of the Chinese government.

CPR explained that the ties between the Chinese state-backed hackers and Mustang Panda hint that they are only using WiFi routers as a means to achieve another goal.

Check Point Research said that the new malware was discovered while they were investigating malicious campaigns attacking European foreign affairs entities.


Tech Times
Article owned by Tech Times | Written by Griffin Davis Photo owned by Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.