Cyber-Espionage Groups Are Increasingly Leveraging Routers in Their Attacks

Found on Bleeping Computer on Thursday, 12 April 2018

"We've seen a bunch of router attacks throughout the years. A very good example is SYNful Knock, a malicious implant for Cisco [routers] that was discovered by FireEye but also threat actors such as Regin and CloudAtlas. Both APTs have been known to have and own proprietary router implants."

Currently, Kaspersky classifies routers as one of the "growing areas of risk" for APT operations, next to the recent wave of newly-disclosed CPU vulnerabilities, such as Meltdown, Spectre, Chimera, RyzenFall, Fallout, and MasterKey, which fellow Kaspersky researcher Vicente Diaz sees as a threat because threat actors will learn to weaponize them for attacks.

Routers are just computers anyway, and they don't get the same attention as servers.