These devices, which the threat actor is using to proxy the connection, correlate with the country of the victim and allow the actor activity to blend in with normal telework user activity,” CISA said. “The cyber threat actor is using exploited devices located on residential IP space - including publicly facing Network Attached Storage (NAS) devices and small home business routers from multiple vendors - to proxy their connection to interact with the web shells they placed on these devices.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |