PolarEdge Botnet Targets Cisco, ASUS, QNAP, Synology Routers
Summary
PolarEdge is a botnet malware targeting routers from Cisco, ASUS, QNAP, and Synology. The malware, first documented in February 2025, exploits known vulnerabilities to compromise routers and establish a network for undetermined purposes. It operates in two modes, connect-back and debug, and uses TLS for communication. It employs various anti-analysis techniques and does not persist across reboots. The campaign may have started as early as June 2023, with infrastructure details disclosed in August 2025. The malware's exact purpose and the full extent of the campaign remain unclear.
Timeline
- 21.10.2025 16:47 (1 article)
PolarEdge Botnet Targets Multiple Router Brands
PolarEdge, a botnet malware, targets routers from Cisco, ASUS, QNAP, and Synology. The malware exploits known vulnerabilities to compromise routers and establish a network for undetermined purposes. The campaign may have started as early as June 2023, with infrastructure details disclosed in August 2025. The malware's exact purpose and the full extent of the campaign remain unclear.
- PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign — thehackernews.com — 21.10.2025 16:47
Information Snippets
- PolarEdge targets routers from Cisco, ASUS, QNAP, and Synology.
  First reported: 21.10.2025 16:47 (1 source, 1 article)
- The malware exploits a known security flaw in Cisco routers (CVE-2023-20118).
  First reported: 21.10.2025 16:47 (1 source, 1 article)
- PolarEdge uses a TLS-based ELF implant to monitor and execute commands.
  First reported: 21.10.2025 16:47 (1 source, 1 article)
- The malware operates in connect-back and debug modes.
  First reported: 21.10.2025 16:47 (1 source, 1 article)
- PolarEdge uses mbedTLS v2.8.0 for TLS communication.
  First reported: 21.10.2025 16:47 (1 source, 1 article)
- The malware employs anti-analysis techniques to evade detection.
  First reported: 21.10.2025 16:47 (1 source, 1 article)
- PolarEdge does not ensure persistence across reboots.
  First reported: 21.10.2025 16:47 (1 source, 1 article)
- The campaign may have started as early as June 2023.
  First reported: 21.10.2025 16:47 (1 source, 1 article)