Summary: A new malware campaign, codenamed PolarEdge, targets edge devices like those from Cisco, ASUS, QNAP, and Synology, using a critical vulnerability to compromise routers and create a botnet. The malware exploits CVE-2023-20118, delivering a sophisticated TLS backdoor that allows for remote command execution. This campaign has reportedly infected over 2,000 unique IP addresses globally, raising concerns about its potential use for launching cyber attacks.
Affected: Cisco, ASUS, QNAP, Synology
Key points:
- The malware exploits an unpatched vulnerability in Cisco routers to create a botnet.
- PolarEdge leverages a TLS backdoor to execute commands and manage client connections.
- The botnet is prevalent across multiple countries and could be used for launching future cyber attacks.
Source: https://thehackernews.com/2025/02/polaredge-botnet-exploits-cisco-and.html