Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy Mirai variants on compromised systems.

“Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers,” Palo Alto Networks’ Unit 42 Threat Intelligence Team said in a write-up.

The rash of vulnerabilities being exploited include:

  • VisualDoor — a SonicWall SSL-VPN remote command injection vulnerability that came to light earlier this January
  • CVE-2020-25506 – a D-Link DNS-320 firewall remote code execution (RCE) vulnerability
  • CVE-2021-27561 and CVE-2021-27562 – Two vulnerabilities in Yealink Device Management that allow an unauthenticated attacker to run arbitrary commands on the server with root privileges
  • CVE-2021-22502 – an RCE flaw in Micro Focus Operation Bridge Reporter (OBR), affecting version 10.40
  • CVE-2019-19356 – a Netis WF2419 wireless router RCE exploit, and
  • CVE-2020-26919 – a Netgear ProSAFE Plus RCE vulnerability

Also included in the mix are three previously undisclosed command injection vulnerabilities that…

http://feedproxy.google.com/~r/TheHackersNews/~3/80_YoxS7Ydw/new-mirai-variant-and-zhtrap-botnet.html

Leave a Reply