Cybersecurity researchers have revealed that the threat actor ViciousTrap has compromised thousands of network devices worldwide, turning them into honeypots to intercept network traffic. The attack exploits a critical Cisco router vulnerability (CVE-2023-20118) and involves complex malware like NetGhost, with most infections in Macau.
Key points
- ViciousTrap has infected nearly 5,300 devices across 84 countries, primarily in Macau.
- The attack exploits a critical flaw in Cisco Small Business routers using CVE-2023-20118.
- Malware called NetGhost redirects traffic to attacker-controlled honeypots for surveillance.
- The campaign involves the use of web shells previously associated with the PolarEdge botnet.
- Most activity originates from Malaysia, with indications that Chinese-speaking threat actors are involved.
Read More: https://thehackernews.com/2025/05/vicioustrap-uses-cisco-flaw-to-build.html