For almost a year, a threat actor has been using zero-day vulnerabilities to install malware on Tenda routers and build a so-called IoT (Internet of Things) botnet.
Named Ttint, this botnet was first detailed in a report published on Friday by Netlab, the network security division of Chinese tech giant Qihoo 360.
But unlike the myriad of IoT botnets of its kind spotted in the past, Netlab researchers said Ttint was different on several levels.
It didn’t just infect devices to perform DDoS attacks, but also implemented 12 different remote access methods to the infected routers, used the routers as proxies to relay traffic, tampered with the router’s firewall and DNS settings, and even gave attackers the ability to execute remote commands on the infected devices.
“Two zero-days, 12 remote access functions for the router, encrypted traffic protocol, and infrastructure […] that that moves around.