Carding 4 Carders
Professional
- Messages
- 2,729
- Reaction score
- 1,521
- Points
- 113
Qnap specialists report that they managed to disable a malicious server used in massive brute-force attacks aimed at NAS devices with weak passwords.
The company says that it discovered the attacks on the evening of October 14, 2023, and with the assistance of Digital Ocean specialists, two days later destroyed the attackers control server, which they used to manage a botnet consisting of hundreds of infected systems.
"The Qnap Product Security Incident Response Team (QNAP PSIRT) promptly took action and successfully blocked hundreds of zombie IP addresses using QuFirewall within seven hours, effectively protecting numerous Qnap NAS with Internet access from further attacks," representatives of the Taiwanese manufacturer report. "Also, within 48 hours, the original C&C server [of the hackers] was successfully identified and together with the cloud service provider Digital Ocean, Qnap specialists took measures to block this server, preventing further escalation of the situation."
Qnap now encourages its customers to protect their devices by changing the default access port number, disabling port forwarding on routers and UPnP on the NAS, as well as using strong passwords for their accounts, disabling the administrator account targeted by malicious attacks, and updating the NAS firmware to the latest version.
"This attack occurred over the weekend, and Qnap quickly detected it using cloud technology, quickly identified the source of the attack, and blocked it," wrote Stanley Huang, head of Qnap PSIRT. "This not only helped users of Qnap NAS devices avoid damage, but also protected other storage users from this wave of attacks."
The company says that it discovered the attacks on the evening of October 14, 2023, and with the assistance of Digital Ocean specialists, two days later destroyed the attackers control server, which they used to manage a botnet consisting of hundreds of infected systems.
"The Qnap Product Security Incident Response Team (QNAP PSIRT) promptly took action and successfully blocked hundreds of zombie IP addresses using QuFirewall within seven hours, effectively protecting numerous Qnap NAS with Internet access from further attacks," representatives of the Taiwanese manufacturer report. "Also, within 48 hours, the original C&C server [of the hackers] was successfully identified and together with the cloud service provider Digital Ocean, Qnap specialists took measures to block this server, preventing further escalation of the situation."
Qnap now encourages its customers to protect their devices by changing the default access port number, disabling port forwarding on routers and UPnP on the NAS, as well as using strong passwords for their accounts, disabling the administrator account targeted by malicious attacks, and updating the NAS firmware to the latest version.
"This attack occurred over the weekend, and Qnap quickly detected it using cloud technology, quickly identified the source of the attack, and blocked it," wrote Stanley Huang, head of Qnap PSIRT. "This not only helped users of Qnap NAS devices avoid damage, but also protected other storage users from this wave of attacks."
