Sekoia
Sekoia uncovered the evolution of the Quad7 botnet, which now targets new SOHO devices with stealthier tactics to evade detection. The botnet has compromised various routers and VPN appliances by exploiting vulnerabilities, some of which were previously unknown. The Quad7 operators have refined their methods, transitioning from open SOCKS proxies to the KCP protocol over UDP for communication in order to further conceal their activities. Although no data compromise has been directly reported, the botnet's capacity for distributed brute-force attacks presents significant risks, including potential unauthorized access to Microsoft 365 accounts and control over infected devices, which could lead to data breaches or other serious security incidents in the future.

Source: https://securityaffairs.com/168250/malware/quad7-botnet-evolves.html

TPRM report: https://scoringcyber.rankiteo.com/company/sekoia

{
"id": "sek000091524",
"linkid": "sekoia",
"type": "Cyber Attack",
"date": "9/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
}
{'attack_vector': ['Vulnerability exploitation'],
 'description': 'Sekoia uncovered the evolution of the Quad7 botnet, which now '
                'targets new SOHO devices with stealthier tactics to evade '
                'detection. The botnet has compromised various routers and VPN '
                'appliances by exploiting vulnerabilities, some of which were '
                'previously unknown. The Quad7 operators have refined their '
                'methods, transitioning from open SOCKS proxies to using the '
                'KCP protocol over UDP for communication to further conceal '
                'their activities. Despite no direct reports of data '
                "compromise, the botnet's capacity for distributed brute-force "
                'attacks presents significant risks, including potential '
                'unauthorized access to Microsoft 365 accounts and control '
                'over infected devices possibly leading to data breaches or '
                'other serious security incidents in the future.',
 'impact': {'systems_affected': ['Routers', 'VPN appliances']},
 'motivation': ['Unauthorized access', 'Data breaches'],
 'threat_actor': 'Quad7 operators',
 'title': 'Evolution of Quad7 Botnet Targets SOHO Devices',
 'type': 'Botnet',
 'vulnerability_exploited': ['Unknown vulnerabilities in routers and VPN '
                             'appliances']}