The Cybersecurity and Infrastructure Security Agency (CISA) and a U.K.-based cybersecurity center have investigated and released findings on the QSnatch malware that has been used against network-attached storage devices.
The joint investigation found that the malware may have been used in a campaign that ran from 2014 to 2017 and in a second one between 2018 and 2019, CISA said Monday.
QSnatch is known as a tool of cyber actors who have targeted devices made by company QNAP. The malware may still pose a threat to unpatched devices. CISA also noted that the cyber actors have exhibited an understanding of operational security.
QSnatch has features that allow users to steal passwords and system configuration files, scrape credentials, apply arbitrary codes via a backdoor and remotely access assets. The investigators recommend organizations only purchase QNAP products from verified sources and block external links if the device is used solely as internal storage.
