QNAP: a vulnerability in the brand's NAS exploited by hackers to mine cryptocurrency

Written by Guillaume
Publication date: March 17, 2021
This article is an automatic translation

QNAP's very popular NAS devices are in the spotlight: hackers have found a way to hijack their computing power.

In the world of "ready-to-use" NAS, two companies dominate the market for individuals as well as small and medium-sized businesses, and even larger organizations: Synology and QNAP. While the two competitors' offerings are broadly comparable, the second has just received a "warning". As it explains in great detail on its official blog, NetLab 360 has uncovered the exploitation of a vulnerability in the brand's NAS management software, QTS (QNAP Turbo Station).

QTS, which is based on a modified Linux distribution, is known for its reliability, but it is not perfect. In this case, NetLab 360 explains that the attacks had been observed for several weeks before being clearly identified from March 2nd onward. According to the site, the hackers remotely execute a command that gives them root privileges, after which they can do almost anything they want on the targeted machine. They then start cryptocurrency mining to exploit the computing power of the affected NAS. The hackers reportedly took care to partly hide the CPU usage so that their activity is not too visible.

NetLab 360 says that it quickly notified QNAP of its "find". For now, the only solution is to make sure that the NAS firmware is up to date. In addition, NetLab 360 says that it is probably a good idea to monitor the IPs and addresses mentioned in its article to identify any suspicious activity. Finally, NetLab 360 publishes the (long) list of affected QNAP NAS models, but it seems that the problem concerns the brand's firmware up to August 2020.