As DrayTek routers around the world randomly reboot for no apparent reason, security researchers have spotted hackers actively exploiting a trio of vulnerabilities in the popular router brand.
Researchers at threat intelligence firm GreyNoise recently warned that hackers have been observed taking advantage of three known vulnerabilities in DrayTek routers.
The malicious activity, which appears to be global in its extent, comes at the same time that many DrayTek customers are reporting that their routers are randomly rebooting without any apparent cause.
According to DrayTek, the best solution is to disconnect the device and upgrade to the latest firmware if possible. The company also suggests turning off remote access unless absolutely necessary and using an access control list otherwise, advice that implies some external factor may be at play – something that DrayTek does not elaborate on.
DrayTek also suggests simply buying a new router if the current model is too old.
The random reboots were first reported a few days ago on Reddit, with DrayTek addressing the issue on 24 March. A day later, on 25 March, GreyNoise reported that it was observing active exploitation of three vulnerabilities:
GreyNoise did admit, however, that it could not see a connection between the activity it observed and the reboots, but it said it was “surfacing this data to help defenders monitor and respond accordingly”.
The researchers have seen consistent activity over the last 45 days and, in the case of the latter two vulnerabilities above, active exploitation within the last 24 hours. Almost 150 IP addresses have been linked to the exploitation attempts, and the targeted countries include the United States, Lithuania, Singapore, and Hong Kong.
At least one Australian entity appears to be being targeted, according to GreyNoise’s own activity visualisation tool.
Cyber Daily has reached out to DrayTek for comment.
You can read more about what GreyNoise has observed here.
This is not the first time DrayTek has made headlines over the exploitation of its network hardware. In December 2024, cyber security firm Forescout disclosed 14 vulnerabilities in 24 different models of DrayTek routers.
“While the extent of these findings was beyond expectation, it was not entirely surprising,” Vedere Labs said at the time.
“DrayTek is among many vendors that [do] not appear to conduct the necessary variant analysis and post-mortem analysis after vulnerability reports – which could lead to long-term improvements.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.