Malware implants on Cisco routers revealed to be more widespread
Attackers have installed malicious firmware on nearly 200 Cisco routers used by businesses from over 30 countries, according to Internet scans performed by cybercrime fighters at the Shadowserver Foundation.
Last Monday, FireEye subsidiary Mandiant warned about new attacks that replace the firmware on integrated services routers from Cisco Systems. The rogue firmware provides attackers with persistent backdoor access and the ability to install custom malware modules.
At the time Mandiant said that it had found 14 routers infected with the backdoor, dubbed SYNful Knock, in four countries: Mexico, Ukraine, India and the Philippines. The affected models were Cisco 1841, 8211 and 3825, which are no longer being sold by the networking vendor.