Since April 2020, a new, multistage Remote Access Trojan (RAT) has been wreaking havoc on popular SOHO routers made by Cisco Systems, Netgear, Asus, and other manufacturers by taking advantage of known security flaws.
According to experts from Lumen Technologies’ threat-intelligence unit Black Lotus Labs, the malware, known as ZuoRAT, can access the local LAN, collect packets being transmitted on the device, and conduct man-in-the-middle attacks using DNS and HTTPS hijacking.
In a recently published blog post, they stated that the RAT may be the product of a state-sponsored actor, given its capacity not only to join a LAN from a SOHO device but also to launch additional attacks.
Read More: https://threatpost.com/zuorat-soho-routers/180113/