[WARNING] CISA Alert (AA20-209A) Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply
gnvdude
New here
Posts: 7
Joined: Sat May 31, 2014 8:01 am

[WARNING] CISA Alert (AA20-209A) Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Post by gnvdude » Mon Jul 27, 2020 11:37 pm

Summary
This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).

CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.

All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates.

This alert summarizes the findings of CISA and NCSC analysis and provides mitigation advice.

https://us-cert.cisa.gov/ncas/alerts/aa20-209a

https://www.ncsc.gov.uk/news/legacy-ris ... as-devices
Last edited by Toxic17 on Wed Jul 29, 2020 12:49 am, edited 3 times in total.
Reason: Updated Thread Title, added NCSC link, made Sticky, Moved thread to Users Corner

dolbyman
Guru
Posts: 19095
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: CISA Alert (AA20-209A) Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Post by dolbyman » Mon Jul 27, 2020 11:45 pm

another reminder not to expose your NAS .. Qsnatch has been around for a year now
Last edited by Toxic17 on Wed Jul 29, 2020 12:49 am, edited 1 time in total.

User avatar
Toxic17
Ask me anything
Posts: 5418
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [WARNING] CISA Alert (AA20-209A) Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Post by Toxic17 » Wed Jul 29, 2020 12:50 am

Updated Thread Title, added NCSC link, made Sticky, Moved thread to Users Corner
Regards Simon

QTS 4.x User Guidex

QNAP Club Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-473-32GB QM2-2P QXG-10G1T 4.4.2.1354 • TVS-463-16GB 4.4.2.1354 QM2-2S10G1TB • TS-459 Pro 2GB 4.2.6 • TS-121 4.3.3.1161 • APC Back-UPS ES 700G •
QPKG's: Plex 1.19.3 • Apache73 v2443.74070 • QSonarr 3.0.3.809 • QNBZGet 21.0 • phpMyAdmin 5.0.2 • Qmono 6.80.105 • McAfee 3.1.0 -6010 • HBS 3.0.200424 • LEgo v3.6.0
Network: VM Hub 3.0 <500/35> • UniFi USG Pro 4 • UniFi USW-16-150W • UniFi USW-8-60W • UniFi CloudKey Gen2+ • UniFi G3-Flex • UAP AC Pro • UAP AC Lite • SLM2008 • Dell 7050 MFF •

Post Reply

Return to “Users' Corner”