"TP-Link Routers Implanted With Malicious Firmware in State-Sponsored Attacks"

According to Check Point researchers, a Chinese state-sponsored Advanced Persistent Threat (APT) group implanted malicious firmware into TP-Link routers as part of attack campaigns targeting European foreign affairs entities. The malicious firmware was developed exclusively for TP-Link routers. Among its numerous harmful components is a custom-made backdoor called "Horse Shell." Horse Shell enables attackers to take complete control of a compromised device and remain hidden while accessing impacted networks. The researchers are uncertain how the attackers infected the routers, but they believe the attackers likely obtained access by exploiting known vulnerabilities or using default, weak, or easily guessable passwords. Although the campaigns targeted European foreign affairs entities, researchers do not know who the router implant victims are. This article continues to discuss the infection of TP-Link routers by malicious firmware for state-sponsored attacks.

Help Net Security reports "TP-Link Routers Implanted With Malicious Firmware in State-Sponsored Attacks"

Submitted by Anonymous on