ZuoRAT is believed to have been circulating particularly since home working became much more prevalent since the start of the pandemic, and SOHO routers remain unpatched. According to researchers, the home working routers fall outside traditional corporate network security, and are often unpatched.

"Organizations should keep a close watch on SOHO devices and look for any signs of activity outlined in this research. This level of sophistication leads us to believe this campaign might not be limited to the small number of victims observed. To help mitigate the threat, they should ensure patch planning includes routers, and confirm these devices are running the latest software available."

[zdnet.com...]