A Cisco router is detected infected with a secret backdoor.
Security company FireEye researchers reported that backdoor programs called SYNful knock were found on 14 Cisco routers in 4 countries. Cisco has confirmed this. The attack does not take advantage of the vulnerability of the product itself, but requires valid management creden。 such as the default password or physical access to the victim's device. Backdoor implants are integrated into modified versions of Cisco IOS software images, allowing attackers to completely control the affected devices. Each time a backdoor is loaded when the device starts, a maximum of 100 modules are supported. Attackers can issue commands anonymously on the Internet to load modules with different functions. Cisco routers are known to be affected, including Cisco 1841, Cisco 2811, and Cisco 3825.
This article permanently updates the link address: