Risky Bulletin Newsletter
December 16, 2024
Risky Bulletin: Secret ransomware campaign targeted DrayTek routers for a year
Catalin Cimpanu, News Editor
Threat actors have secretly abused a suspected zero-day in DrayTek routers since August of last year to hack devices, steal passwords, and then deploy ransomware on connected networks.
According to a joint report from Forescout and PRODAFT, the attacks were carried out by a threat actor known as Monstrous Mantis—believed to be linked to the Ragnar Locker ransomware group.
The attacker used the zero-day to extract and crack the passwords of DrayTek Vigor routers and then hand out the credentials to selected collaborators.