A new malware named Cuttlefish targets enterprise-grade and SOHO routers to harvest public cloud authentication data, creating a proxy or VPN tunnel to exfiltrate data. It operates since at least July 2023, with a recent campaign from October 2023 to April 2024 primarily infecting from Turkey and targeting public cloud services like Alicloud, AWS, and more.
https://securityaffairs.com/162603/malware/cuttlefish-malware-targets-routers.html