Microsoft has recently issued an urgent alert regarding a substantial botnet network identified as Quad7, also referred to as 7777. This network, believed to be operated by Chinese hackers, is increasingly involved in global cyberattacks.
According to a report from TechRadar, the hacker group known as Storm-0940 is using the Quad7 botnet to carry out password spraying attacks. This method involves attempting to guess user passwords in order to infiltrate various systems. The targets of Storm-0940 include government agencies, consulting firms, non-governmental organizations, legal professionals, and defense contractors.
Microsoft describes the tactics employed by Storm-0940 as sophisticated, highlighting their use of what is termed “trickle-down” attacks. This strategy involves making only one login attempt per account each day to evade detection. Once a password is successfully guessed, the group quickly moves to take control of the compromised systems.
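One login attempt per account per day stays under any per-account lockout threshold, so detection has to aggregate across accounts instead. The following Python example is added here for illustration and is not code from Microsoft or TechRadar; the event format, thresholds, account names, and documentation-range IP addresses are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sign-in events (day, account, source_ip, outcome); not real telemetry.
EVENTS = [(0, f"u{i}", f"198.51.100.{10 + i}", "ok") for i in range(8)]
for day in (1, 2, 3):  # one failed guess per account per day, each from a new IP
    EVENTS += [(day, f"u{i}", f"203.0.113.{day * 10 + i}", "fail") for i in range(8)]
# Benign noise: one user mistyping a password three times, then signing in.
EVENTS += [(1, "alice", "198.51.100.50", "fail")] * 3 + [(1, "alice", "198.51.100.50", "ok")]
EVENTS.append((3, "u5", "203.0.113.99", "ok"))  # a guess that worked
EVENTS.sort(key=lambda e: e[0])

def per_account_lockout(events, threshold=5):
    """Classic control: accounts with >= threshold failures in a single day."""
    counts = defaultdict(int)
    for day, acct, _ip, outcome in events:
        if outcome == "fail":
            counts[(day, acct)] += 1
    return sorted({acct for (_d, acct), n in counts.items() if n >= threshold})

def spray_days(events, min_accounts=5, max_per_account=1, ip_ratio=0.8):
    """Days where many accounts each saw at most max_per_account failures,
    arriving from nearly as many distinct source IPs as accounts."""
    fails = defaultdict(list)
    for day, acct, ip, outcome in events:
        if outcome == "fail":
            fails[day].append((acct, ip))
    flagged = {}
    for day, rows in fails.items():
        per_acct = defaultdict(int)
        for acct, _ip in rows:
            per_acct[acct] += 1
        low = {a for a, n in per_acct.items() if n <= max_per_account}
        ips = {ip for a, ip in rows if a in low}
        if len(low) >= min_accounts and len(ips) >= ip_ratio * len(low):
            flagged[day] = low
    return flagged

def suspicious_successes(events, flagged):
    """Successes on sprayed accounts, from an IP with no earlier success for that account.
    Assumes events are sorted by day."""
    if not flagged:
        return []
    first_day, sprayed = min(flagged), set().union(*flagged.values())
    seen_ok, hits = defaultdict(set), []
    for day, acct, ip, outcome in events:
        if outcome != "ok":
            continue
        if day >= first_day and acct in sprayed and ip not in seen_ok[acct]:
            hits.append((day, acct, ip))
        seen_ok[acct].add(ip)
    return hits
```

On this constructed data the per-account lockout check flags nothing, while the cross-account view flags all three spray days and the one successful sign-in that followed them.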
Quad7 was initially discovered in late September 2024, originally targeting TP-Link routers. However, its scope has since broadened to include other devices, such as ASUS, Zyxel, and Ruckus routers and Axentra servers.
Experts note that Quad7 employs customized malware to launch attacks tailored to specific device types, with each category being vulnerable to a different variant of the malware, known as a ‘cluster.’
In light of these developments, Microsoft urges users to remain vigilant and implement the necessary security measures to safeguard their accounts and devices against potential Quad7 attacks.