A variant of the Mirai botnet called MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by leveraging multiple exploits.
“If devices are compromised, they will be completely controlled by attackers, who can use those devices to launch further attacks such as distributed denial of service (DDoS) attacks,” Palo Alto Networks Unit 42 said in a report Tuesday.
MooBot, first revealed by Qihoo 360’s Netlab team in September 2019, had previously targeted LILIN digital video recorders and Hikvision video surveillance products to expand its network.
In the latest wave of attacks discovered by Unit 42 in early August 2022, as many as four different vulnerabilities in D-Link devices, both old and new, paved the way for the deployment of MooBot samples. These include:
CVE-2015-2051 (CVSS Score: 10.0) – D-Link HNAP SOAPAction Header Command Execution Vulnerability
CVE-2018-6530 (CVSS Score: 9.8) – D-Link SOAP Interface Remote Code Execution Vulnerability
CVE-2022-26258 (CVSS Score: 9.8) – D-Link Remote Command Execution Vulnerability, and
CVE-2022-28958 (CVSS Score: 9.8) – D-Link Remote Command Execution Vulnerability
Successful exploitation of the aforementioned vulnerabilities could lead to remote code execution and retrieval of the MooBot payload from a remote server. The payload then parses commands from the command-and-control (C2) server to launch a DDoS attack on a specific IP address and port number.
Customers of D-Link devices are advised to apply patches and upgrades released by the company to mitigate potential threats.
“Vulnerabilities […] When attackers gain control in this way, they can take advantage by introducing newly compromised devices into their botnet to launch further attacks such as DDoS,” the researchers said.