Happened in the last few days. The government also extended the alert level of Charlie-CRP, due to which there was also information that hackers associated with the government of China in the United States. Among the brands exposed to such an attack led by the Volt Typhoon group are ASUS, Cisco, D-Link, NETGEAR and Zyxel. Another, similar group, Camaro Dragon, also associated with China, used TP-Link routers.
TP-Link has made improvements to the router and reveals how it could have been hacked
“Comprehensive analysis of these attacks revealed a malicious firmware implant tailored to TP-Link routers. The implant contains several malicious components, including a custom backdoor called ‘Horse Shell’ that allows attackers to maintain permanent access, build an anonymous infrastructure and allow lateral movement to attacked networks,” reports Check Point Research (CPR), a group dedicated to .
TP-Link sent a statement on this matter to Gazeta.pl, in which it states that “the Check Point Research publication does not contain any information about a security breach or detection of a security vulnerability in the original TP-Link software”. As the company clarifies, CPR discovered software confusingly similar to the original TP-Link firmware.
The most likely sources of router infection are known vulnerabilities in the device, for which, according to TP-Link, an update has already been released, and a “weak password to the administration panel in which remote access from the WAN side has been configured”.
How to secure the router?
“Most users do not need remote access via the Internet to the router’s administration panel, which is why this function is disabled by default in the software in all TP-Link routers,” notes the company. It advises that if “we need remote access to the device, and our router supports the OpenVPN server function, instead of remote access and exposing the management panel to the outside, we recommend configuring the VPN to connect to the router and manage it by its local address”.
“In the case of routers that do not support VPN, in order to minimize the risk, a sufficiently long (several-character) password for the administration panel should be used, using uppercase and lowercase letters, numbers and special characters. If we log in to it from the outside from a specific, unchanging IP address, it is also worth restricting remote access to the router to that particular IP address.” The company also suggests updating the router’s firmware. The current version can be found on the website of the manufacturer, which can help us configure the device. For this purpose, it is best to call the hotline.
Source: Gazeta

Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.