CISA, U.K. Cybersecurity Agency Investigate QSnatch Malware

CISA, U.K. Cybersecurity Agency Investigate QSnatch Malware
CISA

The Cybersecurity and Infrastructure Security Agency (CISA) and a U.K.-based cybersecurity center have investigated and released findings on the QSnatch malware that has been used against network-attached storage devices.

The joint investigation found that the malware may have been used in a campaign that ran from 2014 to 2017 and in a second one between 2018 and 2019, CISA said Monday.

QSnatch is known as a tool of cyber actors who have targeted devices made by company QNAP. The malware may still pose a threat to unpatched devices. CISA also noted that the cyber actors have exhibited an understanding of operational security.

QSnatch has features that allow users to steal passwords and system configuration files, scrape credentials, apply arbitrary codes via a backdoor and remotely access assets. The investigators recommend organizations only purchase QNAP products from verified sources and block external links if the device is used solely as internal storage.

Check Also

Cybersecurity Strategy

Updated CISA Federal Cybersecurity Strategy Directs Improved CDM Scores Through FY 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to its action plan for strengthening federal cybersecurity in fiscal years 2020 through 2021. The initiative was led by Matthew Travis, the deputy director of CISA. CISA also cited evolving threat landscapes and limitations in cloud, network and encryption capabilities as challenges.