Security News > 2023 > July > DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks

Several distributed denial-of-service botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems.

"Through the capture of exploit traffic, the attacker's IP address was identified, and it was determined that the attacks were occurring in multiple regions, including Central America, North America, East Asia, and South Asia," Fortinet FortiGuard Labs researcher Cara Lin said.

The latest findings from Fortinet suggest that the shortcoming is being opportunistically leveraged by multiple actors to breach susceptible hosts and corral them into a botnet capable of launching DDoS attacks against other targets.

This comprises Mirai botnet variants such as Dark.IoT and another botnet that has been dubbed Katana by its author, which comes with capabilities to mount DDoS attacks using TCP and UDP protocols.

The disclosure comes as Cloudflare reported an "Alarming escalation in the sophistication of DDoS attacks" in the second quarter of 2023, with threat actors devising novel ways to evade detection by "Adeptly imitating browser behavior" and keeping their attack rates-per-second relatively low.

Adding to the complexity is the use of DNS laundering attacks to conceal malicious traffic via reputable recursive DNS resolvers and virtual machine botnets to orchestrate hyper-volumetric DDoS attacks.

News URL

https://thehackernews.com/2023/07/ddos-botnets-hijacking-zyxel-devices-to.html