Communications of the ACM

Home/News/Hacker Group Is Eavesdropping on Corporate Email,.../Full Text

ACM TechNews

Hacker Group Is Eavesdropping on Corporate Email, FTP Traffic

By ZDNet
April 9, 2020
Comments

View as: Print Mobile App Share:

Eavesdropping on passing traffic. — A hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks since at least December, according to Chinese security firm Qihoo 360.

Credit: trendmicro.com

The Chinese security firm Qihoo 360 reports that a hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks since at least early December.

Qihoo researchers detected two different threat actors that each exploited a different zero-day vulnerability.

Attack Group A, the more sophisticated of the two, took advantage of a vulnerability in the RSA-encrypted login mechanism of DrayTek devices to hide malicious code inside the router's username login field.

Attack Group B exploited a zero-day vulnerability in the "rtick" process to create backdoor accounts on the hacked routers.

In response, DrayTek released firmware patches, including one for a now-discontinued router model, on Feb. 10.

From ZDNet
View Full Article

No entries found

Hacker Group Is Eavesdropping on Corporate Email, FTP Traffic

Stellantis' Peugeot Cars to Use ChatGPT to Talk to Drivers

Gaining Benefit from Artificial Intelligence and Data Science: A Three-Part Framework

The Link Between Rituals and Data Science