Security News > 2023 > January > Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices

Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
2023-01-30 09:30

According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months.

What's more, 95% of the attacks leveraging the security shortcoming that emanated from Russia singled out organizations in Australia.

"Many of the attacks we observed tried to deliver malware to infect vulnerable IoT devices," Unit 42 researchers said in a report, adding "Threat groups are using this vulnerability to carry out large-scale attacks on smart devices around the world."

The vulnerability impacts a wide range of devices from D-Link, LG, Belkin, Belkin, ASUS, and NETGEAR. Unit 42 said it discovered three different kinds of payloads distributed as a result of in-the-wild exploitation of the flaw -.

The malware, once launched, is equipped to run operating system commands and mount DDoS attacks.

"The surge of attacks leveraging CVE-2021-35394 shows that threat actors are very interested in supply chain vulnerabilities, which can be difficult for the average user to identify and remediate," the researchers concluded.


News URL

https://thehackernews.com/2023/01/realtek-vulnerability-under-attack-134.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-35394 Unspecified vulnerability in Realtek Jungle SDK
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary.
network
low complexity
realtek
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Realtek 40 3 16 35 6 60