Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet
techradar.com
- Sekoia spots hackers abusing a known flaw in Cisco devices
- This leads to the discovery of a botnet called PolarEdge
- Most victims are found in the US, but the botnet is "most prevalent" in Asia and South America
A previously undocumented botnet has been expanding around the world for more than a year, targeting a range of Cisco, ASUS, QNAP, and Synology devices, experts have warned.
Cybersecurity researchers at Sekoia observed the attacks on their honeypot and used the information to detail the campaign, its infrastructure, and targets.
In its report, Sekoia said that as of late 2023, it spotted an unnamed threat actor targeting devices vulnerable to CVE-2023-20118, an improper user input validation bug affecting different Cisco Small Business Routers. The flaw allowed the threat actor to execute arbitrary commands on the affected devices, pulling a malicious payload from a Huawei Cloud server located in Singapore. Digging deeper, Sekoia found ...
Copyright of this story solely belongs to techradar.com.