Hackers opening SMB ports on routers to infect PCs with NSA malware

Brink

Akamai has detected an ingenious malware campaign that alters configurations on home and small office routers to open connections toward internal networks so crooks can infect previously isolated computers.

The way hackers achieve this, Akamai said, is via a technique known as UPnProxy, which the company first detailed in April this year.

The technique relies on exploiting vulnerabilities in the UPnP services installed on some routers to alter the device's NAT (Network Address Translation) tables.

NAT tables are a set of rules that control how IPs and ports from the router's internal network are mapped onto a superior network segment, usually the Internet.

In April, hackers were using this technique to convert routers into proxies for regular web traffic, but in a report published today, Akamai says it's seen a new variation of UPnProxy where some clever hackers are leveraging UPnP services to insert special rules into routers' NAT tables.

These rules still work as (proxy) redirections, but instead of relaying web traffic at the hacker's behest, they allow an external hacker to connect to the SMB ports (139, 445) of devices and computers located behind the router, on the internal network.

OVER 45,000 ROUTERS ALREADY INFECTED

Akamai experts say that from the 277,000 routers with vulnerable UPnP services exposed online, 45,113 have already been modified in this recent campaign.

Researchers say that one particular hacker, or hacker group, has spent weeks creating a custom NAT entry named 'galleta silenciosa' ('silent cookie/cracker' in Spanish) on these 45,000 routers.

Read more: Hackers are opening SMB ports on routers so they can infect PCs with NSA malware | ZDNet

See also: UPnProxy: EternalSilence - Akamai Security Intelligence and Threat Research Blog
 

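
For anyone who wants to check their own router, the following is an added example (not part of the post above, and not Akamai's code) that audits UPnP port-mapping entries for the two signs the article describes: a forward to internal SMB ports 139/445, and the 'galleta silenciosa' entry name. It assumes the entries were obtained as responses to the UPnP IGD GetGenericPortMappingEntry action; the sample responses, addresses, external ports and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SMB_PORTS = {139, 445}                       # SMB ports named in the article
CAMPAIGN_DESCRIPTION = "galleta silenciosa"  # NAT entry name named in the article

def soap_response(desc, ext_port, client, int_port, proto="TCP"):
    """Build a constructed GetGenericPortMappingEntry response (sample data)."""
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext_port}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol><NewInternalPort>{int_port}</NewInternalPort>
<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

def parse_mapping(soap_xml):
    """Return the New* arguments of one response as a dict of strings."""
    if "<!doctype" in soap_xml.lower():  # refuse DTDs from an untrusted device
        raise ValueError("DTD not allowed in UPnP response")
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        name = el.tag.split("}")[-1]     # drop any XML namespace prefix
        if name.startswith("New"):
            fields[name] = (el.text or "").strip()
    return fields

def audit(mapping):
    """Return the reasons a mapping is suspicious (empty list means clean)."""
    reasons = []
    port = mapping.get("NewInternalPort", "")
    if port.isdigit() and int(port) in SMB_PORTS:
        reasons.append("forwards to internal SMB port " + port)
    if CAMPAIGN_DESCRIPTION in mapping.get("NewPortMappingDescription", "").lower():
        reasons.append("description matches reported campaign entry")
    return reasons

def audit_all(responses):
    """Parse each response; return (external port, internal client, reasons)."""
    parsed = [parse_mapping(r) for r in responses]
    return [(m["NewExternalPort"], m["NewInternalClient"], audit(m)) for m in parsed]

SAMPLES = [  # constructed entries: one benign, two exposing SMB
    soap_response("Xbox Live", 3074, "192.168.1.20", 3074, "UDP"),
    soap_response("galleta silenciosa", 47669, "192.168.1.5", 445),
    soap_response("file share", 1139, "192.168.1.9", 139),
]
if __name__ == "__main__":
    for ext, client, reasons in audit_all(SAMPLES):
        print(ext, "->", client, "|", "; ".join(reasons) or "ok")
```

Any flagged entry that you did not create yourself is a reason to disable UPnP on the router and check the machines it pointed at.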