Researchers have identified a resilient botnet, called KadNap, that has infected 14,000 Asus routers, primarily in the US. It uses a peer-to-peer network to avoid detection and facilitates cybercrime through a proxy service. The malware exploits unpatched vulnerabilities and requires a factory reset to remove; Black Lotus Labs has provided a means of blocking its network traffic.
The key point for defenders is that KadNap uses a peer-to-peer design based on Kademlia, which makes it highly resistant to traditional takedown methods. To counter it, security teams should block network traffic to and from the botnet's control infrastructure and use the indicators of compromise distributed by Black Lotus Labs to mitigate the risk preemptively. The case also underlines the importance of keeping router firmware updated and hardening router defenses to prevent future exploitation.