menu-control
The Jerusalem Post
Home Page
Business & Innovation
Banking & Finance
Tech & Start Ups
Energy & Infrastructure
Real Estate
Opinion
JP Must
Israel Real Estate
Aliyah
Jerusalem Post Conferences
Premium
The Daily Edition
The Jerusalem Post Ivrit
The Jerusalem Report
Coronavirus
Opinion
Heroines of Swords of Iron
Real Estate Listings
JPost Store
Categories
Breaking News
Israel News
Israel Politics
Israel Culture
Israel Sports
World News
Islamic Terrorism
Middle East
Iran News
Isis Threat
Arab-Israeli Conflict
Gaza News
US Politics
Diaspora
Antisemitism
Opinion
Podcast
Judaism
Torah Portion
Jewish Holidays
List of holidays
Kabbalah
Christian World
Health & Wellness
Sleep
Mind & Spirit
Nutrition
Coronavirus
Exercise
Pregnancy & Birth
Parenting
Science
Law
Archaeology
Environment & Climate Change
OMG
Antisemitism
Food & Recipes
Advisor
Jerusalem Post en Español
Sponsored Content
Promo Content
Advertise With Us
Terms of Use
Privacy Policy
Contact Us
Cancel Subscription
Customer Service
About Us
The Jerusalem Post: Business and Innovation
Jerusalem Post
Separator
Business & Innovation
Separator
Tech & Start-ups

Chinese hackers could be a threat to your home internet router

By WALLA! TECH  
Published: MAY 20, 2023 01:24
Updated: MAY 20, 2023 07:54
A router providing internet access. (photo credit: Walla)
A router providing internet access.
(photo credit: Walla)

Check Point, a cybersecurity software company, identified a group of Chinese hackers as responsible for integrating malicious code into router software.

Researchers from Israeli security company Check Point revealed this week that malicious firmware may endanger a variety of home and small office network routers. This would connect the routers to a network of hackers allegedly tied to the Chinese government.

According to information disclosed by Check Point, a firmware update for these routers includes a backdoor, which allows hackers to establish control and a file transfer network on the attacked router. It would then send remote commands to it, including uploading, downloading and deleting files.

Although the attack was centered on TP-LINK routers, it is "indifferent to the model," which means that it can be applied to other routers. The main purpose of the malicious one, it seems, is to transfer information between the target of the attack and the control servers of the attacker, in a way that masks the attacker to the intended victim.

Through further research, Check Point personnel discovered that the control structure and servers were linked to "Mustang Panda", an Advanced Persistent Threat (APT), previously also identified by companies such as Avast and ESET, as a group operating on behalf of the Chinese government.

Advertisement

Investigation reveals invasive coding

Check Point researchers discovered the invasive code during an investigation into a series of targeted attacks against European figures involved in foreign policy affairs. The main component of the backdoor is a code dubbed Horse Shell, a malicious code that is able to run remote commands on the infected device, transfer rhythms to and from it, and transfer information to a specific IP address using the SOCKS5 protocol, which was the main purpose of planting the code.

According to Check Point's disclosure, the firmware update for the routers includes a backdoor. (credit: Walla)
According to Check Point's disclosure, the firmware update for the routers includes a backdoor. (credit: Walla)

By creating a network of impacted routers that establish an encrypted connection between them, where only the two nearest links are exposed to each other, it is difficult to trace the source of the attack.

Tom Malka, head of cyber research at the Rakia Group, told Walla! that this is a known tactic.

"This is the exploitation of routers with vulnerable versions in order to carry out attacks under the cloak of anonymity for the real attacker - especially when it comes to attackers who are state-sponsored, and do not want to have a link to the state itself in order to avoid sanctions or a media echo," explains Malka.

Related Tags
technology
Malware
hacker
Cyber

×
Email:
×
Email: