CISA and NCSC warn that more than 62,000 QNAP NAS devices infected with a malware strain known as QSnatch. All QNAP NAS devices are affected if the latest security fixes are not applied.
The campaign found to be active since late 2019, and they primarily target Network Attached Storage (NAS) devices manufactured by the firm QNAP.
CISA and NCSC discovered that two campaigns of QSnatch malware activity;
“This alert focuses on the second campaign as it is the most recent threat. It is important to note that infrastructure used by the malicious cyber actors in both campaigns is not currently active, but the threat remains to unpatched devices.,” CISA said.
The malware is highly sophisticated, and its infection vector has not been identified. It appears the malware directly gets inject to the device firmware during the infection stage and the malicious code runs within the device compromising it.
Following are the malware functionalities
C2 communication established using a domain generation algorithm (DGA) that generates multiple domain names for use in C2 communications.
For maintaining persistence the malware prevents installing updates with the infected QNAP device by modifying the host’s file.
According to CISA analysis, “in mid-June 2020, there were approximately 62,000 infected devices worldwide; of these, approximately 7,600 were in the United States and 3,900 were in the United Kingdom.”
CISA and NCSC recommend organizations running a vulnerable version must run a full factory reset on the device before completing the firmware upgrade to ensure the device is not left vulnerable. Also, CISA provides mitigations for organizations.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.
Also Read
Hackers Infect More than 500,000 Routers Worldwide with a Potentially Destructive VPNFilter Malware
New eCh0raix Ransomware Attacking Linux File Storage Servers
Gcore, the global edge AI, cloud, network, and security solutions provider, has launched Super Transit,…
Microsoft has urgently patched a high-risk security vulnerability (CVE-2025-29810) in Windows Active Directory Domain Services…
Adobe has announced critical security updates for several of its popular software products, addressing vulnerabilities…
In a disturbing escalation of cyber threats, a new malware campaign dubbed 'HollowQuill' has been…
GreyNoise has noted a sharp escalation in hacking attempts targeting TVT NVMS9000 Digital Video Recorders…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert highlighting a critical vulnerability…