Sequretek Advisory - ZuoRAT Attacking SOHO Routers
7/08/2022

A sophisticated, multistage remote access trojan (RAT) that has been active since April 2020 is exploiting known vulnerabilities to target popular SOHO routers from Cisco Systems, Netgear, Asus and others.

• Researchers at Lumen Technologies’ Black Lotus Labs have been tracking sophisticated malware, dubbed ZuoRAT, that has been attacking Small Office/Home Office (SOHO) routers.

• After gaining access to the router, the malware can pivot to other systems connected on the LAN, capture packets being transmitted on the device, and stage man-in-the-middle attacks through DNS and HTTPS hijacking.

• ZuoRAT is assessed to be a sophisticated campaign leveraging infected SOHO routers to target predominantly North American and European networks of interest.
