Network Security, Threat Intelligence

Quad7 botnet operation expands targeting, infrastructure


More SOHO devices are being targeted by the Quad7 botnet operation, which has also been leveraging new backdoors and staging servers to better conceal distributed brute-force intrusions, according to BleepingComputer.

Thousands of TP-Link and ASUS routers already make up Quad7's two largest clusters, 'xlogin' and 'alogin', and nearly 300 Ruckus wireless devices have been compromised into a newer 'rlogin' cluster that began in June, according to a report from Sekoia. Few to no Axentra network-attached storage devices or Zyxel VPN appliances have been infected so far, but Sekoia researchers cautioned that additional security flaws could be integrated to widen the attacks. Beyond broadening its targeting, Quad7 has further obfuscated its activity by moving to the more advanced FsyNet tool for relaying attacks and by adopting a new UPDTAE backdoor and a netd binary. Given the operation's evolution, the researchers urged owners of SOHO devices to apply current firmware security updates and to use strong passwords.
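The security-relevant point for defenders is that a botnet of compromised SOHO routers lets an attacker spread a brute-force campaign across many residential source IPs, so each relay makes only a handful of attempts and per-IP lockout or rate-limit rules never fire. The detection below, an added example that is not part of the article or of Sekoia's report, illustrates the alternative: aggregate authentication failures per target account over a sliding window and alert when the failures come from many distinct sources. The log format, the sample log lines (which use documentation IP ranges) and the thresholds are constructed assumptions for illustration, not Quad7 indicators.

```python
"""Detect distributed (botnet-relayed) brute force in authentication logs.

Added example; not code from the article or from the Sekoia report.
Log format, sample lines and thresholds are assumptions for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: '<ISO8601 UTC> <source IP> <target user> <FAIL|OK>'.
# Account 'alice' receives one failure each from six different relays;
# 'bob' fat-fingers twice from one IP and then succeeds; 'carol' is noise.
SAMPLE_LOG = """\
2024-09-10T08:00:01Z 203.0.113.10 alice FAIL
2024-09-10T08:00:40Z 198.51.100.22 alice FAIL
2024-09-10T08:01:15Z 192.0.2.77 alice FAIL
2024-09-10T08:02:03Z 203.0.113.54 alice FAIL
2024-09-10T08:02:49Z 198.51.100.9 alice FAIL
2024-09-10T08:03:30Z 192.0.2.130 alice FAIL
2024-09-10T08:04:00Z 203.0.113.200 bob FAIL
2024-09-10T08:04:10Z 203.0.113.200 bob FAIL
2024-09-10T08:04:25Z 203.0.113.200 bob OK
2024-09-10T08:05:00Z 198.51.100.3 carol FAIL
2024-09-10T08:05:30Z 192.0.2.45 carol FAIL
2024-09-10T09:30:00Z 203.0.113.88 alice FAIL
"""


def parse_log(text):
    """Parse the constructed log format into a time-sorted list of events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, outcome = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src,
            "user": user,
            "ok": outcome == "OK",
        })
    events.sort(key=lambda e: e["ts"])
    return events


def per_source_failures(events):
    """Classic per-IP view: failure count by source address."""
    return Counter(e["src"] for e in events if not e["ok"])


def detect_distributed_bruteforce(events, window=timedelta(minutes=10),
                                  min_failures=5, min_sources=5):
    """Per-account sliding-window view that catches low-and-slow spraying.

    Alerts when an account sees at least `min_failures` failed logins from at
    least `min_sources` distinct source IPs inside `window`. Returns the peak
    window per alerted account, sorted by user name.
    """
    failures_by_user = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures_by_user[e["user"]].append(e)

    alerts = {}
    for user, fails in failures_by_user.items():
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it fits the window length.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            in_window = fails[start:end + 1]
            sources = Counter(e["src"] for e in in_window)
            if len(in_window) >= min_failures and len(sources) >= min_sources:
                candidate = {
                    "user": user,
                    "window_start": fails[start]["ts"],
                    "window_end": fails[end]["ts"],
                    "failures": len(in_window),
                    "distinct_sources": len(sources),
                    "max_from_one_source": max(sources.values()),
                }
                if user not in alerts or candidate["failures"] > alerts[user]["failures"]:
                    alerts[user] = candidate
    return sorted(alerts.values(), key=lambda a: a["user"])


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    # No source exceeds two failures, so a per-IP lockout at five never fires.
    print("per-source failures:", dict(per_source_failures(evs)))
    for alert in detect_distributed_bruteforce(evs):
        print("distributed brute force:", alert)
```

On the constructed sample the per-source view tops out at two failures for any IP, while the per-account view flags 'alice' with six failures from six distinct sources inside ten minutes. The `max_from_one_source` field is what distinguishes a relayed campaign from a single noisy client; in a real deployment the window and thresholds would be tuned against baseline failure rates, and the account field should be normalised (case, domain suffix) before grouping.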
