Widespread network edge device targeting conducted by PolarEdge botnet

More than 2,000 Cisco, QNAP, Synology, and ASUS network edge devices worldwide — particularly in the U.S., Taiwan, Russia, India, Brazil, Australia, and Argentina — have been compromised by the PolarEdge botnet since the end of 2023, reports The Hacker News.

Intrusions involved the targeting of various router vulnerabilities — including the critical Cisco Small Business router bug, tracked as CVE-2023-20118 — to facilitate the distribution of the PolarEdge TLS backdoor, an investigation from Sekoia researchers found.

"The botnet exploits multiple vulnerabilities across different types of equipment, highlighting its ability to target various systems. The complexity of the payloads further underscores the sophistication of the operation, suggesting that it is being conducted by skilled operators," said researchers.

Such findings come after Microsoft 365 accounts were reported by SecurityScorecard to be subjected to sweeping password spraying attacks involving a botnet of more than 130,000 compromised devices, which is suspected to have been conducted by a China-linked threat operation.