Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

PolarEdge Botnet Targets Cisco ASUS QNAP

February 27, 2025
Reading Time: 2 mins read
in Alerts
PolarEdge Botnet Targets Cisco ASUS QNAP

A new malware campaign named PolarEdge has been discovered targeting edge devices from companies like Cisco, ASUS, QNAP, and Synology. The campaign exploits the critical CVE-2023-20118 vulnerability, a flaw in Cisco routers, allowing attackers to execute arbitrary commands on affected devices. The vulnerability remains unpatched due to the devices’ end-of-life status. Cisco had recommended mitigating the flaw by disabling remote management and blocking specific ports, but the malware continues to exploit unpatched devices. Once the flaw is successfully exploited, attackers use a previously unknown implant, a TLS backdoor, to take control of the infected device.

The backdoor, delivered through a shell script named “q” via FTP, enables attackers to perform various malicious actions.

These include cleaning up log files, terminating suspicious processes, and downloading a malicious payload. The backdoor establishes persistence by modifying system files to repeatedly execute the “cipher_log” binary. PolarEdge malware enters an infinite loop to spawn child processes, managing incoming client connections and executing commands. This persistent backdoor connects to a command-and-control server to report successful infections and send device details like IP addresses and port pairings.

The malware campaign also targets ASUS, QNAP, and Synology devices using similar PolarEdge payloads. These devices are infected through FTP, with the payloads traced to an IP address hosted on Huawei Cloud. This botnet has compromised 2,017 unique IP addresses worldwide, with infections reported across multiple countries, including the US, Russia, Taiwan, and Brazil. While the exact purpose of the botnet remains unclear, researchers speculate that it could be used to control compromised devices for launching larger-scale cyberattacks, such as distributed denial-of-service (DDoS) attacks.

The complexity of PolarEdge and its ability to exploit various vulnerabilities across different systems demonstrates the sophistication of the operation. The malware’s deployment and persistence mechanisms highlight the advanced skills of the attackers behind it, suggesting a well-organized cybercrime group. The PolarEdge botnet’s widespread infections underscore the significant risks faced by edge devices, especially those that are no longer receiving security updates. As such, the operation serves as a warning of the increasing threats targeting vulnerable devices globally.

Reference:
  • PolarEdge Botnet Targets Cisco ASUS QNAP and Synology Devices for Cyber Attacks
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityFebruary 2025
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial