A vulnerability in Zyxel devices, previously exploited in Denmark’s critical infrastructure, has resurfaced with increased attack attempts, possibly linked to a Mirai botnet. Organizations should ensure devices are patched and monitor for suspicious activity to prevent further compromise.
Key points
- The vulnerability CVE-2023-28771 affects Zyxel devices and allows remote command execution.
- Initial attacks occurred in May 2023, targeting Danish energy organizations and others.
- Recent exploit attempts have increased, with new activity observed from IPs that had not previously interacted with the vulnerability.
- The attack campaign is suspected to be linked to a Mirai botnet variant.
- Organizations are advised to patch devices, implement network filtering, and monitor for unusual behavior.
Read More: https://www.securityweek.com/zyxel-firewall-vulnerability-again-in-attacker-crosshairs/