Recherche : [Quad7] - Cyberveille

Botnet 7777: Are You Betting on a Compromised Router? https://www.team-cymru.com/post/botnet-7777-are-you-betting-on-a-compromised-router

01/11/2024 10:20:17

Discover the latest insights on the Quad7 / 7777 botnet in our detailed analysis. Learn about the expansion of this resilient threat, its targeting patterns, and proactive measures to defend against compromised routers. Stay informed with our up-to-date findings and recommendations.

A glimpse into the Quad7 operators' next moves and associated botnets https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets/

01/11/2024 10:18:13

Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/

01/11/2024 10:01:36

Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is […]

A glimpse into the Quad7 operators' next moves and associated botnets https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets/#h-conclusion

11/09/2024 20:35:54

Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.

Wifi routers and VPN appliances targeted by notorious botnet Quad7 https://cybernews.com/security/wifi-routers-and-vpn-appliances-targeted-by-quad7/

10/09/2024 10:32:27

The mysterious Quad7 botnet has evolved its tactics to compromise several brands of Wi-Fi routers and VPN appliances. It’s armed with new backdoors, multiple vulnerabilities, some of which were previously unknown, and new staging servers and clusters, according to a report by Sekoia, a cybersecurity firm.

Solving the 7777 Botnet enigma: A cybersecurity quest https://blog.sekoia.io/solving-the-7777-botnet-enigma-a-cybersecurity-quest/

23/07/2024 23:57:07

Sekoia.io investigated the mysterious 7777 botnet (aka. Quad7 botnet), published by the independent researcher Gi7w0rm inside the “The curious case of the 7777 botnet” blogpost.
This investigation allowed us to intercept network communications and malware deployed on a TP-Link router compromised by the Quad7 botnet in France.
To our understanding, the Quad7 botnet operators leverage compromised TP-Link routers to relay password spraying attacks against Microsoft 365 accounts without any specific targeting.
Therefore, we link the Quad7 botnet activity to possible long term business email compromise (BEC) cybercriminal activity rather than an APT threat actor.
However, certain mysteries remain regarding the exploits used to compromise the routers, the geographical distribution of the botnet and the attribution of this activity cluster to a specific threat actor.
The insecure architecture of this botnet led us to think that it can be hijacked by other threat actors to install their own implants on the compromised TP-Link routers by using the Quad7 botnet accesses.

Liens par page

Filtres