- Sekoia spots hackers abusing a known flaw in Cisco devices
- The finding leads to the discovery of a botnet called PolarEdge
- Most victims are in the US, but the botnet is "particularly widespread" in Asia and South America
A previously undocumented botnet has been spreading around the world for more than a year, targeting a range of Cisco, Asus, QNAP and Synology devices, experts have warned.
Cybersecurity researchers at Sekoia observed the attacks on their honeypot and used that data to document the campaign, its infrastructure and its goals.
In its report, Sekoia said that from late 2023 it tracked an unnamed threat actor targeting devices vulnerable to CVE-2023-20118, an improper-input-validation flaw in the web management interface of several Cisco Small Business routers. The flaw lets an attacker who already holds valid administrative credentials run arbitrary commands on the affected device, which in this campaign was used to fetch a malicious payload from a Huawei Cloud server located in Singapore. Digging deeper, Sekoia found traces of the same campaign targeting devices from other manufacturers. The researchers named the botnet PolarEdge and confirmed that at least 2,000 endpoints around the world were infected.
Endgame unknown
The botnet's purpose is unknown at this time, the researchers said.
"The purpose of this botnet is not yet determined. Crossing the IP addresses with our telemetry has not revealed any specific activity," the report reads.
Typically, cybercriminals build a network of infected devices to run distributed denial of service (DDoS) attacks, operate a residential proxy service, send spam and phishing campaigns, distribute malware, or take part in click fraud.
The majority of the victims are in the United States, but Sekoia says the botnet appears to be "particularly widespread" in Asia and South America, although it cannot be certain whether this was a deliberate choice by the attacker or simply coincidence.
Despite the relatively small number of infected devices, Sekoia still considers PolarEdge a dangerous threat.
"The botnet utilizes multiple vulnerabilities across different types of equipment, which highlights its ability to target different systems," the report concludes.
"The complexity of the payloads further emphasizes the sophistication of the operation, which suggests that it is carried out by skilled operators. This indicates that PolarEdge is a well-coordinated and significant cyber threat."