What is Camaro Dragon?
Camaro Dragon is an alleged Chinese threat actor that has a keen interest in the foreign affairs of organizations within Europe. Their activities show similarities with the Chinese “Mustang Panda” APT group.
What is the Attack?
Camaro Dragon targeted European foreign affairs organizations using the Horse Shell backdoor malware hidden in modified firmware for TP-Link routers. While the initial infection vector has not been identified, the threat actor likely exploited vulnerabilities in TP-Link routers or leveraged weak passwords.
The Horse Shell backdoor is capable of performing a variety of tasks, such as collecting system information and sending it to Command-and-Control (C2) servers, uploading and downloading files, creating and deleting files, and enumerating directories.
Why is this Significant?
This is significant because the alleged China-based "Camaro Dragon" APT group, which shares similarities with the infamous Mustang Panda group, targeted various European foreign affairs organizations through TP-Link routers that had unknowingly been loaded with the Horse Shell backdoor.
What is the Vendor Solution?
While the initial infection vector has not been identified, the APT group likely exploited vulnerabilities in TP-Link routers or abused weak credentials. All available patches should be applied, and router login passwords should be changed to strong passwords that are not easily guessed.
What FortiGuard Coverage is available?
FortiGuard Labs has the following AV signatures available for the malicious Horse Shell components called out in the report:
Linux/HorseShell.A!tr
Network IOCs in the report are blocked by Webfiltering.