QNAP users be aware, it's ongoing.
My first look suggests UPnP is probably the attack vector (my advice - disable UPnP unless you absolutely need it, it's a massive risk). Don't enable it in your router either, if you have the option, unless it's a necessity. It's a convenience getting gaes etc to work, but not so convenient if it blows a gaping hole in your firewall. That's my take, anyway - I disable it.
More info on Bleeping Computers, QNAP themselves and a shout out for Robbie at NASCompares, which is where I saw it.