Ransomware Rampage: DrayTek Devices Fall Prey to Zero-Day Hack Attack
More than 300 organizations were hacked through undocumented vulnerabilities in DrayTek devices, including a potential zero-day flaw. Monstrous Mantis facilitated access for ransomware groups, impacting thousands globally. Despite known security defects, many devices remain unpatched. Prodaft reports the exploitation of 20,000 devices, with Monstrous Mantis sharing stolen credentials with groups like Ruthless Mantis and LARVA-15.

Hot Take:
Well, it seems that our digital guardians have once again let down their defenses like a knight who swapped his armor for a onesie! With 300 organizations hacked, DrayTek routers are now the infamous party crasher that everyone forgot to patch. If you thought a zero-day flaw was a fancy cocktail, it’s time to sober up and update those devices before Monstrous Mantis invites itself over for tea and ransomware pie.

Key Points:
- More than 300 organizations fell prey to ransomware groups exploiting vulnerabilities in DrayTek devices.
- Forescout identified 14 security defects in DrayTek Vigor router models, many unpatched since their discovery years ago.
- A coordinated hacking campaign exploited a potential zero-day bug for initial access, with Monstrous Mantis leading the charge.
- Collaborators like Ruthless Mantis and LARVA-15 used stolen credentials to target victims across Europe and other regions.
- Forescout and Prodaft suspect the vulnerabilities lie within the web page of DrayTek routers’ administrative interface.