Security News > 2020 > April > Several Botnets Using Zero-Day Vulnerability to Target Fiber Routers
Multiple botnets are targeting a zero-day vulnerability in fiber routers in an attempt to ensnare them and leverage their power for malicious purposes, security researchers warn.
Security researchers with Qihoo 360's Netlab have observed multiple attempts to target the 0day, some before the PoC was published, starting with the Moobot botnet that successfully used an exploit for the vulnerability in February.
The attacks have intensified over the past several weeks, and multiple botnets are targeting the security flaw.
Devices made by nine vendors appear to be affected, likely because they use the same OEM. The Gafgyt and Fbot botnets were observed leveraging the PoC exploit, albeit failing to successfully infect devices, mainly because the PoC needs to be chained with another vulnerability to compromise a router, the security researchers say.
To date, only Moobot appears to be actively exploiting the security flaw, as it is using its own exploit.
News URL
Related news
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- 13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks (source)
- Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication (source)