Sekoia

Sekoia uncovered the evolution of the Quad7 botnet, which now targets additional SOHO devices and uses stealthier tactics to evade detection. The botnet has compromised a range of routers and VPN appliances by exploiting vulnerabilities, some of which were previously unknown. Its operators have refined their tradecraft, moving from openly exposed SOCKS proxies to the KCP protocol over UDP for communication, so that infected devices no longer advertise an open proxy port and the relay traffic is harder to spot. No data compromise has been directly reported, but the botnet's capacity for distributed brute-force attacks poses significant risk: unauthorized access to Microsoft 365 accounts, and control over the infected devices themselves, either of which could lead to data breaches or other serious security incidents in the future.

Source: https://securityaffairs.com/168250/malware/quad7-botnet-evolves.html

"id": "sek000091524",
"linkid": "sekoia",
"type": "Cyber Attack",
"date": "9/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"