Mar 26, 2024 - Technology

Researchers uncover new security threat against routers and smart devices


Illustration: Rae Cook/Axios

A hacking campaign infected more than 6,000 Asus routers in less than 72 hours this month, according to a report from communications provider Lumen Technologies out Tuesday.

Why it matters: The specific incident is tied to a wide-reaching campaign targeting end-of-life routers and smart devices that Lumen recently uncovered.

  • In this case, hackers appear to have resurrected a well-known botnet, known as TheMoon, that researchers thought went out of commission years ago.

Zoom in: Those who resurrected TheMoon botnet — which operates a network of malware-infected devices that hackers use to launch attacks — were able to infect more than 40,000 routers and other smart devices across 88 countries in January and February, including the Asus routers.

  • The majority of these newly infected devices are believed to also be the backbone for cybercriminal proxy service Faceless, which allows users to route their malicious internet traffic through a network of compromised computers, according to the report.

Threat level: Lumen's researchers have seen seven campaigns targeting home and small-business routers in the last two years.

  • Officials have also increasingly warned about the poor security controls on at-home routers following a string of espionage campaigns targeting the devices.

Between the lines: Researchers believe the re-emergence of TheMoon and its reliance on Faceless is tied to increasing law enforcement cybercrime investigations.

  • "We suspect that with the increased attention paid to the cybercrime ecosystem by both law enforcement and intelligence organizations, criminals are looking for new methods to obfuscate their activity," the report says.
  • So far, the re-emergence of TheMoon botnet has brought in nearly 7,000 new users each week to Faceless' services.

Yes, but: Lumen did not identify who could be behind this resurgence.

The bottom line: Lumen has blocked access to the infected devices across its own devices.

  • Researchers recommend that consumers install security updates for their at-home routers.