PolarEdge Botnet Targets Routers with Custom TLS Backdoor

Security researchers have uncovered a sophisticated botnet implant named PolarEdge targeting various IoT and NAS devices. The malware exploits a known vulnerability to deploy a backdoor that establishes a custom TLS server for command-and-control operations. Its proprietary binary protocol allows unauthenticated attackers to execute arbitrary shell commands on compromised systems. PolarEdge employs advanced evasion tactics, including multiple layers of encryption and anti-analysis techniques like process masquerading to remain hidden. The implant sends daily device fingerprints to its C2 server and features flexible modes for file retrieval and on-the-fly configuration updates.

Latest mentioned: 10-14

Earliest mentioned: 10-14

Sources

sekoia.io gbhackers.com cybersum.net

Also Read

Cyber Espionage Campaign Targets Diplomats with PlugX Malware

A threat actor known as UNC6384 has been targeting European diplomatic entities in a cyber-espionage campaign since September. The group exploits a high-severity Windows vulnerability and uses refined social engineering tactics to deliver PlugX malware. The campaign, which initially targeted entities in specific regions, is expanding across the broader diplomatic community. The attack chain involves spear-phishing emails leading to malicious LNK files that exploit the vulnerability and execute obfuscated PowerShell commands. Researchers recommend organizations review and block command-and-control infrastructures and conduct security awareness training to mitigate such attacks.

11-01Read more →