Security researchers at Microsoft have found that the already known hacker group Volt Typhoon has been attacking US infrastructure with a new and very cautious approach. Microsoft is now publishing a detailed analysis of its findings together with a warning, aimed both at organizations that may be affected and at private individuals whose equipment may unwittingly be of use to the attackers.
The activity has been going on since 2021. Rather than dropping malware, the attackers rely exclusively on tools that ship with Windows (so-called living-off-the-land techniques) to control the machines they have compromised and to collect and exfiltrate information. Because nothing is downloaded or installed, the intrusions are hard to tell apart from ordinary administration, and to cover their tracks further the attackers route their command-and-control traffic through compromised home and small-office routers.
According to Microsoft, Volt Typhoon exploits vulnerabilities in routers from Asus, Cisco, D-Link, Netgear and Zyxel. Many home routers expose their administration interface to the internet, and an attacker can either guess the default password, which is sometimes very weak, or exploit a known vulnerability in outdated firmware to take over the device.
To get into organizations' internal networks, the attackers exploit a still-unidentified vulnerability in internet-facing Fortinet VPN appliances; Microsoft says it is still investigating exactly how initial access is achieved. Once inside, they use the VPN appliance as a springboard into other systems, aiming to obtain credentials for ordinary user accounts that let them blend in with normal network activity and quietly spy on the organization.
Authorities in several countries, including the US NSA and the Australian Cyber Security Centre (ACSC), have issued warnings about the attacks and published guidance on how organizations can protect themselves and hunt for traces of earlier intrusions. Microsoft itself lists activity that may indicate a Volt Typhoon intrusion, but points out that several of the Windows features the group relies on are also used by other attackers, and by legitimate administrators, so a match is a lead to investigate rather than proof of compromise.
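The detection problem described above is that each individual action looks like normal administration. One practical way to hunt for it is therefore to look for clusters of built-in tools rather than single executions. The script below is an added example written for this article, not code from Microsoft or from any of the advisories it mentions. It parses constructed, simplified Windows process-creation records (the field layout, the watchlist of built-in tools, the host and account names and the ten-minute window are all illustrative assumptions) and flags a host/account pair only when several distinct watchlisted tools run within one window, which is the kind of correlation a practitioner would want before raising an alert on tools that administrators also use every day.

```python
"""
Hunting for living-off-the-land tool clusters in Windows process-creation logs.

Added example (not from the original article, Microsoft, or any advisory).
Assumptions: a simplified "timestamp|host|account|parent_image|new_image"
record format, an illustrative watchlist of built-in Windows tools, and
constructed sample log lines. Feed real 4688/Sysmon data through the same
parse step in practice.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative watchlist (assumption): built-in Windows executables that are
# frequently used hands-on-keyboard. Every one of them is also used by
# legitimate administrators, which is why a single hit is NOT an alert here.
WATCHLIST = {
    "cmd.exe", "powershell.exe", "wmic.exe", "netsh.exe",
    "ntdsutil.exe", "net.exe", "reg.exe", "schtasks.exe",
}

# Constructed sample records (not real telemetry). Raw string so the
# DOMAIN\user backslashes are kept literally.
SAMPLE_LOG = r"""
2023-05-10T08:02:11|WS-FIN-07|CORP\jdoe|explorer.exe|cmd.exe
2023-05-10T08:03:45|WS-FIN-07|CORP\jdoe|cmd.exe|net.exe
2023-05-10T14:10:02|SRV-DC-01|CORP\svc-backup|services.exe|ntdsutil.exe
2023-05-10T14:11:20|SRV-DC-01|CORP\svc-backup|cmd.exe|netsh.exe
2023-05-10T14:12:05|SRV-DC-01|CORP\svc-backup|cmd.exe|wmic.exe
2023-05-10T14:13:30|SRV-DC-01|CORP\svc-backup|cmd.exe|powershell.exe
2023-05-10T16:00:00|SRV-DC-01|CORP\admin|explorer.exe|powershell.exe
this line is malformed and must be skipped, not crash the hunt
"""

RECORD_RE = re.compile(
    r"^(?P<ts>\S+)\|(?P<host>[^|]+)\|(?P<account>[^|]+)\|"
    r"(?P<parent>[^|]+)\|(?P<image>[^|]+)$"
)


def parse_records(text):
    """Parse the simplified record format; malformed lines are skipped."""
    records = []
    for line in text.strip().splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        rec["image"] = rec["image"].lower()   # normalise case before matching
        rec["parent"] = rec["parent"].lower()
        records.append(rec)
    return records


def hunt_lolbin_clusters(records, window=timedelta(minutes=10), min_distinct=3):
    """
    Return {(host, account): [tools]} for every host/account pair that ran at
    least `min_distinct` different watchlisted tools inside one `window`.
    Only watchlisted executions are considered; everything else is noise here.
    """
    by_key = defaultdict(list)
    for rec in records:
        if rec["image"] in WATCHLIST:
            by_key[(rec["host"], rec["account"])].append(rec)

    findings = {}
    for key, events in by_key.items():
        events.sort(key=lambda r: r["ts"])
        best = set()
        # Slide a window starting at each event and keep the largest tool set.
        for i, start in enumerate(events):
            tools = set()
            for evt in events[i:]:
                if evt["ts"] - start["ts"] > window:
                    break
                tools.add(evt["image"])
            if len(tools) > len(best):
                best = tools
        if len(best) >= min_distinct:
            findings[key] = sorted(best)
    return findings


if __name__ == "__main__":
    for (host, account), tools in hunt_lolbin_clusters(parse_records(SAMPLE_LOG)).items():
        print(f"{host} / {account}: {len(tools)} built-in tools in one window -> {tools}")
```

With the constructed sample, the finance workstation (two tools, which is ordinary use) and the single PowerShell run by the admin account stay quiet; only the service account that chains four different built-in tools within a few minutes on the domain controller is surfaced. That is still a lead, not a verdict: the next step is to pull the full command lines, the logon type and the parent process chain for that window and compare them with what the account normally does.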
For private individuals, the advice is to keep routers and other network equipment up to date, change any default passwords, and disable remote administration from the internet.