Transaction

jmetaB0232dd5426a370209cc66dc0d6dcd682183c79ea5d1f84501c2c00fa1a4b746b7f@4a558486681abbf54ab7d92fc07ba63976d1e89342e0c066cac479982846453frss.itemmetarss.netM[<item> <title>Hacker free-for-all fights for control of home and office routers everywhere</title> <link>https://arstechnica.com/?p=2021233</link> <comments>https://arstechnica.com/security/2024/05/hacker-free-for-all-fights-for-control-of-home-and-office-routers-everywhere/#comments</comments> <dc:creator><![CDATA[Dan Goodin]]></dc:creator> <pubDate>Thu, 02 May 2024 00:20:12 +0000</pubDate> <category><![CDATA[Biz & IT]]></category> <category><![CDATA[Security]]></category> <category><![CDATA[botnets]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[routers]]></category> <guid isPermaLink="false">https://arstechnica.com/?p=2021233</guid> <description><![CDATA[How and why nation-state hackers and cybercriminals coexist in the same router botnet.]]></description> <content:encoded><![CDATA[<div id="rss-wrap"> <figure class="intro-image intro-left"> <img src="https://cdn.arstechnica.net/wp-content/uploads/2020/04/botnet6-800x450.jpg" alt="Rows of 1950s-style robots operate computer workstations."> <p class="caption" style="font-size:0.8em"><a href="https://cdn.arstechnica.net/wp-content/uploads/2020/04/botnet6.jpg" class="enlarge-link" data-height="563" data-width="1000">Enlarge</a> (credit: <a rel="nofollow" class="caption-link" href="https://arstechnica.com/author/aurich-lawson/">Aurich Lawson / Ars Technica</a>)</p> </figure> <div><a name="page-1"></a></div> <p>Cybercriminals and spies working for nation-states are surreptitiously coexisting inside compromised name-brand routers as they use the devices to disguise attacks motivated both by financial gain and strategic espionage, researchers said.</p> <p>In some cases, the coexistence is peaceful, as financially motivated hackers provide spies with access to already compromised routers in exchange for a fee, researchers from security firm Trend Micro reported Wednesday. In other cases, hackers working in nation-state-backed advanced persistent threat groups take control of devices previously hacked by the cybercrime groups. Sometimes the devices are independently compromised multiple times by different groups. The result is a free-for-all inside routers and, to a lesser extent, VPN devices and virtual private servers provided by hosting companies.</p> <p>“Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult,” Trend Micro researchers Feike Hacquebord and Fernando Merces <a href="https://www.trendmicro.com/en_us/research/24/e/router-roulette.html">wrote</a>. “This shared interest results in malicious internet traffic blending financial and espionage motives.”</p></div><p><a href="https://arstechnica.com/?p=2021233#p3">Read 13 remaining paragraphs</a> | <a href="https://arstechnica.com/?p=2021233&comments=1">Comments</a></p>]]></content:encoded> <wfw:commentRss>https://arstechnica.com/security/2024/05/hacker-free-for-all-fights-for-control-of-home-and-office-routers-everywhere/feed/</wfw:commentRss> <slash:comments>57</slash:comments> </item>