Alert: Potential legacy risk from malware targeting QNAP NAS devices

27 Jul 2020 03:46 PM

A joint NCSC and CISA alert detailing the legacy risk of the malware Qsnatch to QNAP NAS devices.

Image of an antivirus alert on a desktop computer

This is a joint alert from the United Kingdom’s National Cyber Security Centre (NCSC) and the Cybersecurity and Infrastructure Security Agency (CISA) in the United States.

The NCSC and CISA are investigating a strain of malware called QSnatch (also known as ‘Derek’), which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.

All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates.

This alert can be downloaded below and summarises the findings of NCSC, CISA and industry partner analysis whilst also providing mitigation advice.

Downloads

Alert: Potential legacy risk from malware targeting QNAP NAS devices PDF, 276 KB, 6 PAGES
A joint NCSC and CISA alert detailing the legacy risk of the malware Qsnatch to QNAP NAS devices.