Find notable cyber news and cases, enriched with sources, timelines, and signals.

PolarEdge botnet activity targeting Cisco, ASUS, QNAP, and Synology routers

Malware Activity
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

PolarEdge is a botnet malware operation whose updated analysis shows how infected Cisco, ASUS, QNAP, and Synology routers can be turned into remote-control footholds. Observed February 2025 attack chains used CVE-2023-20118 to deliver the implant, raising the risk for exposed router fleets. Once installed, the malware can execute commands and keep TLS-based C2 communication alive on compromised devices.

Related Happenings

BRICKSTORM, PLENET, and AGENTPSD Linux appliance deployment

Malware Activity
H score40 First: 08.06.2026 13:27 Last: 08.06.2026 13:27 Sources 1

About this happening: The deployment of **BRICKSTORM**, **PLENET (aka GRIMBOLT)**, and **AGENTPSD** on **Linux appliances** expanded operator access with **backdoor**, **proxying**, **remote command ex...

NCSC-UK joint advisory on covert botnets and proxy networks

Public Sector Action
H score66 First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...

AVRecon malware for Linux powering SocksEscort proxy network

Malware Activity
H score19 First: 12.03.2026 18:19 Last: 12.03.2026 18:19 Sources 1

About this happening: The **AVRecon** malware for Linux powered the **SocksEscort** proxy network, turning compromised **Linux-based SOHO routers** into traffic-routing nodes at scale. It was believed...

KadNap Asus router proxy botnet

Malware Activity
H score22 First: 10.03.2026 18:00 Last: 10.03.2026 18:00 Sources 1

About this happening: **KadNap** is a **proxy botnet** that compromises **Asus routers** and other edge devices, creating a stealth channel for malicious traffic from **over 14,000 infected devices**....

KadNap botnet turns ASUS routers into residential proxies

Malware Activity
H score23 First: 10.03.2026 17:01 Last: 10.03.2026 17:01 Sources 1

About this happening: The **KadNap** botnet is now compromising **ASUS routers** and other edge networking devices, turning them into **residential proxies** that can hide malicious traffic. The networ...

Timeline

  1. 21.10.2025 16:47 2 articles · 8mo ago

    PolarEdge botnet analysis and router targeting

    Initial Disclosure

    Researchers described PolarEdge as a botnet malware operation targeting Cisco, ASUS, QNAP, and Synology routers, with first documentation in February 2025 and evidence suggesting activity may have begun as far back as June 2023. Observed February 2025 attack chains used CVE-2023-20118 to fetch a shell script named "q" over FTP and install a TLS-based ELF backdoor that sends a host fingerprint to C2, supports connect-back and debug modes, uses mbedTLS v2.8.0, performs process masquerading, deletes or moves files on infected devices, and can relaunch itself if the parent process disappears; later analysis in August 2025 characterized the infrastructure as consistent with an Operational Relay Box (ORB) network.

    Show sources