Leading computing, networking, and storage solution innovator QNAP has recently warned its customers of ongoing attacks targeting QNAP Network-Attached Storage (NAS) devices.

The company urges its users to immediately increase their devices’ security, including using strong passwords, changing the default access port number, and disabling the admin account.

QNAP has been very active in patching vulnerabilities in their devices. Late last year, it fixed a cross-site scripting vulnerability, and earlier this year issued patches to neutralize UnityMiner malware that used the QNAP device to mine cryptocurrency. The program was customized by keeping the cryptocurrency mining process and the real CPU memory resource usage details under the radar in order to hide the malicious activity from QNAP owners.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Threat Prevention - Network

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

While former attacks exploited software vulnerabilities on unpatched devices, the current campaign exploits human behavior. The threat actors use simple tools to break into the device by trying to log in using a list of common passwords and previously compromised credentials.

Recently QNAP has received multiple user reports of hackers attempting to log in to QNAP devices using brute-force attacks – where hackers would try every possible password combination of a QNAP device user account. If a simple, weak, or predictable password is used (such as “password” or “12345”) hackers can easily gain access to the device, breaching security, privacy, and confidentiality.


After guessing the right credentials, hackers get full access to the targeted device, allowing them to exfiltrate sensitive documents or deploy malware. If they fail to brute-force their way in, the attempts will be recorded and marked with “Failed to login” warning messages by NAS devices’ system logs.

QNAP recommends users to enhance NAS security by implementing password rotation policies and disabling the default admin account. Additionally, since the attack is only possible on Internet-facing NAS devices, QNAP suggests customers don’t expose their devices on public networks.

What’s more, you can follow QNAP’s recommendations below to prevent malware infection or other attacks, and better secure your device and protect your data.

  • Remove unknown or suspicious accounts.
  • Remove unknown or suspicious applications.
  • Disable auto-router configuration and set up device access controls in myQNAPcloud.
  • Avoid opening default port numbers to the Internet.
  • Install and run the latest version of Malware Remover.
  • Change passwords for all accounts.
  • Update installed QTS applications to the latest versions.
  • Update QTS to the latest available version.
  • Install QuFirewall.

Unpatched QNAP NAS Devices Targeted by UnityMiner in Cryptocurrency Mining Campaign

Cyber Analysts Find Links Between SunCrypt and QNAPCrypt Ransomware

131 Cybersecurity Tips that Anyone Can Apply

Leave a Reply

Your email address will not be published. Required fields are marked *