Malicious QNAPs in the wild

Here's another observation of a weird in-the-wild attack on the blog.

yes, that is a skull peeking at you

Looking up the IP address on Shodan shows a device located on a Hong Kong-based ISP network. At the time of writing, the IP address still responds to requests on ports 80/443/8081.

The SSL cert shows QNAP as the issuer, so it's safe to assume this is a compromised NAS device turned hostile, or someone doing something nefarious with the QNAP as their proxy. Probably the former.

A quick DDG search brings up:

Researchers warn of QNAP NAS attacks in the wild
Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. Hackers are scanning the Internet for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions vulnerable to a rem…
QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices
Thousands of QNAP NAS devices have been infected with the QSnatch malware | ZDNet
Over 7,000 infections reported in Germany alone. The malware is still spreading.