Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
The Quad7 botnet operators, thought to be a Chinese state-sponsored threat actor, are compromising several router brands and VPN appliances using known and unknown security flaws. Probed appliances include TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, and locations include Bulgaria, the US, and Ukraine. The modifications offer enhanced stealth and evasion of tracking. The actor has also introduced a new backdoor called UPDTAE, allowing remote control of compromised devices and execution of commands from a command-and-control server.
Source: thehackernews.com