Thursday, October 26, 2017

In Search of Router Scanner Used in Cyber Campaign

TLP AMBER ANNOUNCEMENT:  

Wapack Labs has attempted to identify the router scanner used in a cyber campaign conducted by a threat actor group that is believed to be a Chinese hacker group targeting Taiwan and Japan. All of the reports on this group on the Chinese Internet are translations of the June 2017 report by Trend Micro that identified the group. No independent analysis of the group was found, and no references to the name were found that predate the Trend Micro reporting. Searches on the Chinese term for “router vulnerability scanner” all returned the same tool, RouterhunterBR, which was written by a Brazilian security researcher named Jhonathan Davi who lives in Brasilia. The identification of RouterhunterBR as possibly used in this cyber campaign is circumstantial. Further investigation could help confirm this threat actor group's use of the tool by checking whether the targeted routers contained any of the vulnerabilities that the tool's author stated it searches for.

Wapack Labs has cataloged and reported on Chinese hacking groups in the past. An archive of related reporting can be found in the Red Sky Alliance portal.

WWW.WAPACKLABS.COM
  
This TLP AMBER report is available only to Red Sky Alliance members.