Multiple Zyxel firewall devices unpatched against the critical vulnerability, tracked as CVE-2023-28771, have been targeted by numerous distributed denial-of-service botnets, including the Mirai-based Dark.IoT and novel Katana botnets, reports The Hacker News.
Attacks exploiting the flaw, which could be leveraged for arbitrary code execution, have been detected in North America, Central America, South Asia, and East Asia, a report from Fortinet FortiGuard Labs revealed.
"It appears that this campaign utilized multiple servers to launch attacks and updated itself within a few days to maximize the compromise of Zyxel devices," said researcher Cara Lin.
The findings come after the vulnerability was reported by the Shadowserver Foundation to have been used to establish a Mirai-like botnet since at least May 26. DDoS attacks were also recently noted by Cloudflare to have significantly increased in sophistication during the second quarter of this year, while Mandiant attributed escalated DDoS attacks to the growing activity of Russian hacktivist groups such as KillNet.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news