One research report cited by O’Rielly comes from Check Point, which found that the Chinese government-sponsored APT group tracked as Camaro Dragon installed a malicious backdoor called Horse Shell, built into TP-Link router firmware. Check Point notes that Horse Shell is “a binary machine compiled for the MIPS32 MSB operating system and written in C++. Many embedded devices and routers use MIPS-based operating systems, and TP-Link routers are no exception.”
Malware can easily be planted on other devices
The author of that report, Itay Cohen, who leads research at Check Point, tells CSO that a Chinese threat group could just as easily have installed malware on routers from US-based Cisco, which are manufactured in Korea, China, Taiwan, Malaysia, and Singapore, or from US-based Netgear, which outsources its router manufacturing to electronics companies in other countries, including China and Taiwan.
“In many cases, the same attackers are using different router vendors,” Cohen said. “There is a possibility that in the attacks we analyzed, many router vendors were infected. Even though we got it for TP-Link specific versions, the code was not written specifically for TP-Link. It was common enough that it could be written off as a framework that attackers use on other routers or other vendors.”