Drilling Down on Uncle Sam’s Proposed TP-Link Ban – Krebs on Security

Happy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!

Link in the comments!

***Here is your #miniCTF challenge***
Beginner: What MITRE ATT&CK technique relates to the way the malware propagates?
Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
Extra Credit: What log sources, and which event codes from those log sources, will capture the activity from the beginner's or intermediate (or both) challenges?

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

#HappyFriday everyone! The Check Point Software Technologies Ltd research team continues to discover more tools used by the #APT known as #CamaroDragon. This time, they shed light on a Go-based backdoor dubbed #TinyNote. Check out the article for more details! Enjoy and Happy Hunting!

Link is in the comments!

**I am going to leave one of the MITRE ATT&CK entries blank. I would like to see if any of you who see this can help FILL in that blank! If so, leave your thoughts in the comments OR send me a DM!**

Notable TTPs:
TA0005 - Defense Evasion
T1574.002 - Hijack Execution Flow: DLL Side-Loading

TA0002 - Execution
T1059.003 - Command And Scripting Interpreter: Windows Command Shell
T1059.001 - Command And Scripting Interpreter: PowerShell

TA0003 - Persistence
T[Let me know what persistence techniques you see!]

TA0007 - Discovery
T1033 - System Owner/User Discovery
T1015 - System Network Configuration Discovery

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

Chinese government hackers are infecting TP-Link routers with malicious firmware. Devices from other brands are also potentially vulnerable https://itc.ua/ua/novini/kytajski-uryadovi-hakery-zarazhayut-routery-tp-link-shkidlyvym-proshyvkoyu-prystroyi-inshyh-brendiv-takozh-potentsijno-vrazlyvi/ #CamaroDragon #Devices #TP-Link #Security #Routers #News #Hackers
Chinese government hackers are infecting TP-Link routers with malicious firmware. Devices from other brands are also potentially vulnerable - ITC.ua

Check Point researchers have discovered a new advanced persistent threat (APT), which

ITC.ua

Wednesday's #readoftheday is from the Check Point Software Technologies Ltd Research team, focusing on recent #CamaroDragon activity. The tool of choice was custom-made firmware for TP-Link routers. Enjoy and Happy Hunting!

THE DRAGON WHO SOLD HIS CAMARO: ANALYZING CUSTOM ROUTER IMPLANT
https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/

Notable MITRE ATT&CK TTPs:
TA0002 - Execution
T1059.006 - Command and Scripting Interpreter: Network Device CLI

TA0010 - Exfiltration
T1048 - Exfiltration Over Alternative Protocol

TA0011 - Command And Control
T1071.001 - Application Layer Protocol: Web Protocols

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

The Dragon Who Sold His Camaro: Analyzing Custom Router Implant - Check Point Research

Check Point Research (CPR) exposes a malicious firmware implant for TP-Link routers that allowed attackers to gain full control of infected devices and access compromised networks while evading detection. CPR attributes the attacks to a Chinese state-sponsored APT group dubbed "Camaro Dragon".

Check Point Research