Episode 244: ZuoRAT brings APT Tactics to Home Networks

In this episode of the Security Ledger podcast, brought to you by ReversingLabs, we interview Danny Adamitis (@dadamitis) of Black Lotus Labs about the discovery of ZuoRAT, malware that targets SOHO routers – and is outfitted with APT-style tools for attacking the devices connected to home networks. As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.  [MP3] Cyber attacks on small office and home office (or SOHO) routers aren’t new. Back in 2016, the malware known as Mirai made headlines across the world by infecting hundreds of thousands of weekly protected SOHO routers and DVR devices and stringing them into a potent botnet that could be leased out to distribute spam and launch crippling denial of service attacks.  But for all its bluster, Mirai and the IoT botnets that followed it were pretty simple creatures. They infected SOHO routers by exploiting default passwords (mostly). The goal was to own the router itself. The goal was to build  a platform for future, external attacks – not probing the home and small business networks the routers fronted.   New Rapidly-Spreading Hide and Seek IoT Botnet Identified by Bitdefender ZuoRAT: sniffing around home networks Danny Adamitis is a researcher at Lumen’s Black Lotus Labs. That’s not the case with ZuoRAT, a mysterious Mirai variant uncovered by researchers at Lumen’s Black Lotus Labs. According to Lumen researcher Danny Adamitis (@dadamitis), ZuoRAT looked like earlier IoT botnets, but behaved very differently: with an intense interest in the devices connected to home networks and the ability to launch extremely targeted attacks on home devices that could steal data, redirect web searches and, potentially, install malware on devices that used the router. Another interesting tidbit: ZuoRAT’s targets,