Breaking news
For sale: Cycling jerseys | -
The key to success – hire older and experienced -
Remove microsoft account on the web windows 11 -
Johanna Toftby is married to Janne Fors -
Thiago Seyboth Wild’s Nazi connection revealed -
Jamina Roberts Champions League champions in the end -
Kristianstad: The police report a traffic accident -

Unprotected home routers are exploited in infrastructure attacks

Unprotected home routers are exploited in infrastructure attacks
Unprotected home routers are exploited in infrastructure attacks

Security researchers at Microsoft have discovered that the previously known hacker group Volt Typhoon has begun to carry out attacks on US infrastructure using a new, very cautious approach. Now they are publishing a detailed review of the findings and a warning to both organizations that may be affected and individuals who may unsuspectingly be of use to the hackers.

The attacks have been going on since 2021 and the hackers are exclusively using tools built into Windows to control computers they have entered and exfiltrate information. Since no malware is downloaded or installed, the attacks are difficult to detect, and to further cover their tracks, the hackers send all traffic through hacked home routers.

Microsoft writes that Volt Typhoon exploits security flaws in routers from Asus, Cisco, D-Link, Netgear and Zyxel. Many home routers are open to outside administration and hackers can either crack default passwords, which are sometimes very weak, or exploit some known security flaw in out-of-date software to take over a router.

To get into organizations’ internal networks, the hackers are exploiting an unknown security flaw in the Fortinet VPN server, which Microsoft is still working on finding. Once inside, they use the VPN server as a springboard to get into other systems with the goal of gaining access to regular user accounts that they can then use to hide in the network and subtly spy on the organization.

Authorities in several countries, including the US NSA and Australia’s cyber security center ACSC, have issued warnings about the attacks and are publishing guidelines on how organizations can protect themselves and detect traces of past breaches. Even Microsoft lists activity that could be a sign of Volt Typhoon attacks, but points out that several of the Windows functions the group exploits are also exploited by other hackers.

For private individuals, the recommendation is to keep routers and other network equipment up to date, and to turn off remote access.

The article is in Swedish

Tags: Unprotected home routers exploited infrastructure attacks


NEXT The State Secretary does not close the door on support measures against the housing crisis – Altinget