Inside the Hoaxcalls Botnet: Both Success and Failure
The Hoaxcalls operators are among the botherders that differentiate themselves from amateur actors through the use of exploits; most of those with fewer technical skills tend to brute-force SSH and Telnet credentials in order to compromise devices and add them to their botnets.
Two new Hoaxcalls samples spotted by Radware showed up on the scene in April, incorporating new commands from the botnet's command-and-control server and a new exploit for an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed in March.
Some of the exploits that the Hoaxcalls group tried but abandoned include the bugs tracked as CVE-2018-10562 and CVE-2018-10561, which are authentication-bypass and command-injection bugs in GPON home routers.
In May, researchers at Palo Alto Networks' Unit 42 division observed the latest version of the botnet exploiting this unpatched bug, which exists in a product that became end-of-life in 2015 and end-of-support-life in 2019.
"From my perspective, Hoaxcalls is really the only campaign attempting to use this exploit," Smith wrote.
News URL
https://threatpost.com/inside-hoaxcalls-botnet-success-failure/156107/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-04 | CVE-2018-10561 | Improper Authentication vulnerability in Dasannetworks Gpon Router Firmware. An issue was discovered on Dasan GPON home routers. | 9.8 |
2018-05-04 | CVE-2018-10562 | OS Command Injection vulnerability in Dasannetworks Gpon Router Firmware. An issue was discovered on Dasan GPON home routers. | 9.8 |