Skip to main content

Quad7 botnet evolves to more stealthy tactics to evade detection

  • 10 September 2024
  • 0 replies
  • 2 views

Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54

September 10, 2024 By Pierluigi Paganini

 

The Quad7 botnet evolves and targets new  SOHO devices, including Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances.

The Sekoia TDR team identified additional implants associated with the Quad7 botnet operation. The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities.

The operators are maintaining the botnet for launching distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts.

Recently Sekoia published a new report on the Quad7 botnet (aka 7777 botnet, xlogin botnet) following the discovery of several staging servers, leading the experts to discover new targets, implants and botnet clusters associated with this threat actor. 

The experts identified five distinct login clusters (alogin, xlogin, axlogin, rlogin, and zylogin) associated with these botnet operators. Some of these clusters specifically target Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances.

 

>>Full Article<<

0 replies

Be the first to reply!

Reply