Some clarifications to that earlier one:
: No formal attribution made but two separate probes hint at the same suspect
www.theregister.com
Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that are attempting to disable TrendMicro security features in ASUS routers, then exploit vulnerabilities and novel tradecraft in ASUS AiProtection...
www.labs.greynoise.io
In summary, we are observing an ongoing wave of exploitation targeting ASUS routers, combining both old and new attack methods. After an initial wave of generic brute-force attacks targeting login.cgi, we observe subsequent attempts exploiting older authentication bypass vulnerabilities.
They get in either by brute-forcing the web access login credentials or through its old vulnerabilities.
If the device has been compromised, a firmware update alone is not enough; you have to do a factory reset.
If the device has been compromised, it shows from the outside as an open port, TCP/53282.
Good old GRC Shields Up! offers a custom port probe you can use to check whether it is open.
GRC Internet Security Detection System
www.grc.com
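A local equivalent of that port probe, as an added example that is not part of the original post: it makes one TCP connection attempt to port 53282 and reports open, closed or filtered. The function names are this example's own, and it has to be run from outside your own network, against your router's WAN address, to see the port the way the post describes.

```python
import socket
import sys

# TCP port the post names as the outward sign of a compromised router.
INDICATOR_PORT = 53282


def probe_tcp(host, port=INDICATOR_PORT, timeout=3.0):
    """Make one TCP connect attempt and return 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"            # host answered with a reset: nothing listening
    except socket.gaierror:
        raise                      # bad host name: a usage error, not a port state
    except OSError:
        return "filtered"          # timeout or unreachable: dropped on the way


def advice(state):
    """Map a probe result to the follow-up the post gives."""
    if state == "open":
        return ("TCP/%d is open, which matches the indicator in the post: "
                "a firmware update alone is not enough, do a factory reset."
                % INDICATOR_PORT)
    if state == "closed":
        return "TCP/%d is closed: the indicator is not present." % INDICATOR_PORT
    return ("TCP/%d did not answer: no listener was reachable from here."
            % INDICATOR_PORT)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <your-router-wan-address>")
    result = probe_tcp(sys.argv[1])
    print(result)
    print(advice(result))
```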