Chinese APT exploits TP-Link router firmware via implant
A Chinese state-sponsored APT tracked as “Camaro Dragon” is conducting targeted attacks with a malware implant tailored for TP-Link routers, according to research published Tuesday by Check Point Software Technologies.
The research, titled “The Dragon Who Sold His Camaro: Analyzing Custom Router Implant,” concerns a modified firmware image discovered by Check Point Research containing a malicious implant designed for TP-Link routers as well as a custom backdoor. Named “Horse Shell,” the implant “enables the attackers to maintain persistent access, build anonymous infrastructure and enable lateral movement into compromised networks,” according to Check Point Research’s blog post.
Horse Shell provides three capabilities: remote execution of shell commands on the infected router, file transfer to and from the infected router, and SOCKS proxy tunneling. It is also firmware agnostic, meaning it can be used to exploit other vendor …