3 matches found
SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks
In this article 1. DNS hijacking attack chain: From compromised devices to AiTM and other follow-on activity 2. Mitigation and protection guidance 3. Microsoft Defender detection and hunting guidance Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been...
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Threat hunters have discovered a network of more than 1,000 compromised small office and home office SOHO devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box ORB network has been codenamed LapDogs ...
New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide
Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office SOHO and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon aka Ethereal Panda or RedJuliett. The sophisticated botnet, dubbed Raptor Tra...