
Flax Typhoon malware affecting ASUS RT-*/GT-*/ZenWifi ???


TeaDragon

I am seeing articles about this malware that infected routers, cameras, etc., called "Flax Typhoon", which controlled a massive botnet. The articles all say among the infected devices are "ASUS RT-*/GT-*/ZenWifi". Does this mean ALL Asus RT routers? I cannot find a list of specific models anywhere, and nothing on the Asus website. Does anyone have any info on this?


 
@tiddlywink Since not a single one of those CVEs is mentioned in the Joint Cybersecurity Advisory, what relevance is this? Does this mean if any of us have updated firmware, decent passwords, and follow basic security suggestions, then we cannot be affected by Flax Typhoon?
 
There is no official information as to which specific attack vectors were used to infect all these devices. Since the targets are so varied, they are probably just using whatever exploits were available for each individual platform. This botnet is also many years old, so there's a good chance it relied on old exploits that have long been fixed, in addition to brute-force attacks on exposed web interfaces.
 

I agree - limit the threat surface for exposed services...

First thing is disable WAN side services, and then take a serious look at what is truly needed on the LAN side...
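
One way to act on the advice above about reviewing WAN-side and LAN-side services, as an added example that is not part of the original posts: it parses `netstat -tln` output captured from the router and groups listening ports by the address they are bound to. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -tln` output; addresses and ports are illustrative.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN
tcp        0      0 192.168.50.1:80         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5152          0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.7:22          0.0.0.0:*               LISTEN
tcp        0      0 :::53                   :::*                    LISTEN
"""

def parse_listeners(text):
    """Yield (ip, port) for every TCP socket in LISTEN state."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            # rpartition keeps IPv6 addresses such as "::" intact
            host, _, port = fields[3].rpartition(":")
            yield ipaddress.ip_address(host), int(port)

def classify(ip, wan_ip):
    """Name the scope a listener is bound to."""
    if ip.is_loopback:
        return "loopback"          # reachable only from the router itself
    if ip.is_unspecified:
        return "all-interfaces"    # WAN-reachable unless the firewall drops it
    if ip == ipaddress.ip_address(wan_ip):
        return "wan"               # bound directly to the WAN address
    return "lan"

def audit(text, wan_ip):
    """Return [(port, scope)], WAN-facing candidates first."""
    order = {"wan": 0, "all-interfaces": 1, "lan": 2, "loopback": 3}
    rows = {(port, classify(ip, wan_ip)) for ip, port in parse_listeners(text)}
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))

if __name__ == "__main__":
    for port, scope in audit(SAMPLE, "203.0.113.7"):
        print(f"{port:>5}  {scope}")
```

Ports reported as `wan` or `all-interfaces` are the ones to check against the router's WAN access settings and firewall rules first; `lan` entries are the second pass.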
 
Biggest problem is no-name routers and IoT crap that never get updates. Keep your things updated and locked down and you should be fine.
 
