Multiple DDoS botnets are actively targeting a vulnerability in Zyxel firewalls, despite patches being available since April. Tracked as CVE-2023-28771, the flaw allows remote execution of OS commands due to improper error message handling. After a public exploit release in June, attacks exploiting the vulnerability have surged, with botnets like Dark.IoT and a Mirai variant using scripts to target Zyxel devices. The attackers update the execution files frequently, indicating a well-organized campaign to compromise these devices and potentially execute further attacks, including DDoS. Fortinet warns of the significant risks posed by exposed vulnerabilities in such devices, as attackers can incorporate them into their botnets and use them for malicious purposes.
Read more: https://www.securityweek.com/multiple-ddos-botnets-exploiting-recent-zyxel-vulnerability/