A targeted attack campaign has been compromising home and small-business routers since late 2020 with the goal of hijacking network communications and infecting local computers with stealthy and sophisticated backdoors. Attacks against home routers are not new, but the implants used by attackers in this case were designed for local network reconnaissance and lateral movement instead of just abusing the router itself.
“The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defense-in-depth protections by targeting the weakest points of the new network perimeter—devices that are routinely purchased by consumers but rarely monitored or patched—small office/home office (SOHO) routers,” researchers from Black Lotus Labs, the threat intelligence arm of telecommunications company Lumen Technologies said in a recent report.