home.social

#networkhijacking — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #networkhijacking, aggregated by home.social.

  1. Cuttlefish Zero-Click Malware: Stealthy Theft of Cloud Data through Routers

    Date: May 1, 2023
    CVE: Not specified
    Vulnerability Type: Malware
    CWE: CWE-200, CWE-287, CWE-311
    Sources: Dark Reading

    Issue Summary

    Cuttlefish is a newly identified malware that targets enterprise and SOHO (Small Office/Home Office) routers to steal authentication details without any user interaction. Identified by Black Lotus Labs, this zero-click malware infiltrates network equipment to capture data, using DNS and HTTP hijacking to interact with private IP addresses and exfiltrating what it collects through proxy or VPN tunnels. Cuttlefish has been active since at least last July, with its latest campaign running from October through April 2024.

    Technical key findings

    Cuttlefish uses a sophisticated method built on packet sniffing and hijacking of DNS and HTTP requests. It is deployed via a bash script that gathers host data and then executes the malicious binary. The binary monitors network traffic and activates on predefined rules, either to target private IP addresses or to harvest credentials. Researchers found links (specifically, code similarities and embedded build paths) to HiatusRat, and so believe Cuttlefish is also aligned with the interests of China-based threat actors. "To exfiltrate data, the threat actor first creates either a proxy or VPN tunnel back through a compromised router, then uses stolen credentials to access targeted resources," according to the post. "By sending the request through the router, we suspect the actor can evade anomalous sign-in based analytics by using the stolen authentication credentials."

    Vulnerable products

    SOHO routers and potentially unmonitored enterprise networking equipment.

    Impact assessment

    The malware could lead to unauthorized data access, long-term persistence within the network, and potential bypass of security measures like EDR and network segmentation.

    Patches or workaround

    Recommendations include securing router interfaces, updating firmware, changing default credentials, and regularly rebooting routers to clear in-memory malware.

    Tags

    #Cuttlefish #ZeroClickMalware #RouterSecurity #NetworkHijacking #DataExfiltration