ZuoRAT Malware, State-Backed Threat Actor Targeting SOHO Routers

Black Lotus Labs recently identified a sophisticated campaign that might have been run by a state-sponsored group. ZuoRAT, a multistage remote access trojan (RAT) created specifically for small office/home office (SOHO) routers, is being distributed as part of the campaign.

ZuoRAT and the associated activity represent a campaign targeting North American and European organizations. The campaign used a Windows loader to retrieve a remote resource and run it on the host computer. The loader was also used to load one of the fully operational second-stage agents. The capabilities demonstrated by ZuoRAT point to a highly sophisticated actor who has possibly been living undetected on the edge of targeted networks for years.

Researchers have advised organizations to make sure their patch planning covers routers and to confirm that these devices are running the latest software available.
