Routers Roasting on an Open Firewall: the KV-botnet Investigation
Malware Analysis, News and Indicators - Latest topics malware.news
Executive Summary
The Black Lotus Labs team at Lumen Technologies is tracking a small office/home office (SOHO) router botnet that forms a covert data transfer network for advanced threat actors. We are calling this the KV-botnet, based upon artifacts in the malware left by the authors. The botnet comprises two complementary activity clusters; our analysis reveals that this nexus has been active since at least February 2022. The campaign infects devices at the edge of networks, a segment …