PolarEdge: Unveiling an uncovered ORB network
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
An analysis of the PolarEdge backdoor and its associated botnet reveals a sophisticated cyber threat targeting a range of edge devices. The botnet exploits vulnerabilities in Cisco, Asus, QNAP, and Synology devices and uses a TLS backdoor to establish control. Active since at least late 2023, PolarEdge has infected over 2,000 devices globally, with a significant presence in Asia and South America. The attackers employ complex infrastructure for payload delivery and command and control, spread across multiple domains and IP addresses. While the botnet's ultimate purpose remains unclear, it is suspected that the compromised devices may be used as Operational Relay Boxes (ORBs) for launching offensive cyber attacks. The sophistication of the operation suggests skilled operators behind this extensive and well-coordinated threat.
OPENCTI LABELS :
botnet,vulnerability exploitation,asus,infrastructure analysis,edge devices,qnap,polaredge,cve-2023-20118,tls backdoor,synology,cipher_log,cisco