AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
Summary
A new malware family named AryStinger has been discovered infecting over 4,300 legacy routers, repurposing them into a distributed reconnaissance and proxy network. Unlike typical router malware, which often builds DDoS botnets, AryStinger focuses on the pre-breach stages of an attack.
IFF Assessment
AryStinger, which builds a reconnaissance proxy network from compromised routers, poses a threat to defenders by facilitating stealthy pre-attack activities.
Defender Context
Defenders should be aware of the AryStinger malware and the potential for legacy routers to be repurposed for reconnaissance. These infections highlight the ongoing threat posed by unpatched and forgotten IoT devices, which attackers can leverage for various stages of their campaigns.