Fast-Moving DDoS Botnet Exploits Unpatched ZyXel RCE Bug (Security News, April 2020)
That's according to researchers at Radware, who also said that it's notable how quickly the Hoaxcalls operators have moved to weaponize the ZyXel bug, which, as of the time of writing, has still not been addressed in a ZyXel advisory.
According to the Palo Alto Unit 42 researchers who found it, the original sample featured three DDoS attack vectors (UDP, DNS and HEX floods), and it was seen infecting devices through two vulnerabilities: a DrayTek Vigor2960 remote code-execution vulnerability and a GrandStream Unified Communications remote SQL injection bug.
"While IoT botnet variants are common, these samples highlight not only the speed in which criminals move, but also the depth and scope of the campaigns run by DDoS operators," noted Radware researchers, in an analysis posted on Wednesday.
The addition of the exploit for the unpatched bug only widens the range of routers and IoT devices that Hoaxcalls can use going forward, Radware researchers noted, adding that they expect the attack surface to continue to widen.
"The campaigns performed by the actor or group behind XTC and Hoaxcalls include several variants using different combinations of propagation exploits and DDoS attack vectors," Radware researchers said in the analysis.
News URL
https://threatpost.com/fast-moving-ddos-botnet-unpatched-zyxel-rce-bug/155059/
Related news
- Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery
- PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
- Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
- QNAP QTS zero-day in Share feature gets public RCE exploit
- Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique
- Exploit released for maximum severity Fortinet RCE bug, patch now
- Zyxel issues emergency RCE patch for end-of-life NAS devices
- Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
- POC exploit code published for 9.8-rated Apache HugeGraph RCE flaw
- TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers