This is how Chinese cybercriminals are hacking TP-Link routers to attack the whole world

A group of cybercriminals belonging to Mustang Panda, a network associated with China, has put TP-Link in check. It has carried out a series of sophisticated attacks against routers of this brand, affecting home users in many countries around the world, including countries in the European Union. The problem can put the security and privacy of many users at risk, since a hacker could launch attacks and maintain persistent access, thereby controlling the compromised networks.

TP-Link is a widely used brand of routers, which aggravates the problem. In addition, it is currently unknown exactly how initial access was obtained, or what method was used to deploy the tampered firmware images on the routers that have been infected.

TP-Link routers, in danger

According to a group of security researchers from Check Point, the attackers have created a custom firmware for TP-Link routers. It includes various malicious components, such as a backdoor, through which the cybercriminals can gain access and take control.

The backdoor, which the researchers behind this discovery call Horse Shell, is known to be based on C++. It allows hackers to execute arbitrary shell commands, upload and download files through the router, and relay communications between two different clients.

A key point is that all of this targets home routers. It is not, as has happened on other occasions, something exclusive to business equipment. The objective, it seems, is to create a chain of nodes between infected computers. With this, the attackers could hide within the network.

Why the attack occurs

Although not much more is known, it is believed that the compromise could happen in two ways: through known security flaws, and through brute force against devices that use default passwords. This shows the importance of always keeping devices in good condition, since otherwise they could be compromised.

So what should you do if you have a TP-Link router? The first thing is to update it. Attackers can exploit known security flaws, which means that patches exist for those vulnerabilities. Keeping the equipment updated will keep your router protected, at least against threats that are known.

Another very important factor is to use good passwords. You should never keep the passwords that come by default, nor use weak passwords. Do not use common words, your name, your date of birth or any similar information. Hackers use dictionaries to crack those passwords and try the most common ones first.

Therefore, use passwords that are unique and meet security requirements. They should include letters (upper and lower case), numbers and other special symbols. Always make sure that you use strong passwords for any account you have on the Internet, as well as for your devices.

As you can see, TP-Link routers are endangered by a series of attacks that allow unwanted access. You can always check whether the router has been hacked. It is important that you take action, keep your devices up to date, and use strong and complex passwords. That will help you avoid security issues.
