Researchers at FireEye have discovered 14 Cisco routers, in four different countries. The attack is being called SYNful Knock. The attackers are levering default or discovered credentials to modify the router’s firmware in order to maintain persistence on a victim’s network. The implant consists of a modified Cisco IOS image that allows the attacker to load different functional modules from the anonymity of the internet. The implant also provides unrestricted access using a secret backdoor password. So far, Cisco 1841, 2811, and 3825 routers are known to be affected.”]
Source: https://www.csoonline.com/article/2984040/cisco-routers-targeted-in-recent-attacks-fireeye-says.html