Black Lotus Labs
Whose router is it anyway?
Black Lotus Labs, the threat intelligence division within Lumen Technologies, is currently tracking elements of a sophisticated campaign that has been leveraging infected SOHO routers to target North American and European networks of interest, undetected, for nearly two years. We identified a multistage remote access trojan (RAT) developed for SOHO devices, dubbed ZuoRat, that grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain a foothold.
Danny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research division within Lumen Technologies. He is responsible for tracking advanced actors that pose a significant risk to the telecommunications and ISP verticals. He has a passion for research on DNS hijacking and router-oriented malware. He has almost a decade of experience performing threat analysis and reporting on nation-state campaigns, most notably while at Cisco.