ESSGroupBotnets Continue to Target Aging D-Link Vulnerabilities

Botnets Continue to Target Aging D-Link Vulnerabilities

Threat Report: Botnets Continue to Target Aging D-Link Vulnerabilities
Published by AlienVault on 2024-12-31T16:26:24.317Z
A recent threat report published by AlienVault highlights the continued exploitation of long-standing vulnerabilities in D-Link routers by two botnets, FICORA and CAPSAICIN. These botnets have been spreading globally, targeting various Linux architectures and incorporating DDoS attack functions.

FICORA, a Mirai variant, uses a shell script to download and execute malware on affected devices, while CAPSAICIN, likely based on the Keksec group’s botnets, also targets multiple Linux architectures and includes DDoS capabilities. Both botnets exploit weaknesses in the HNAP interface of affected D-Link devices, demonstrating the persistent threat posed by unpatched vulnerabilities.

The attackers use servers in the Netherlands and target countries worldwide, with CAPSAICIN focusing on East Asian countries. Regular device updates and comprehensive monitoring are crucial for mitigating these threats.

Techniques Exploited
The report highlights several techniques exploited by the botnets, including:

System Compromise: Targeting vulnerable D-Link routers.
Data Exfiltration: Stealing sensitive data from compromised devices.
Malware Distribution: Distributing malware through various attack vectors.

Tools and Infrastructure Used
The report also outlines the tools and infrastructure used by the botnets, including:

Shell scripts for malware execution
DDoS capabilities

Recommendations
Based on the threat report, several recommendations can be made for improving cybersecurity posture:

Regularly update device firmware to prevent exploitation of known vulnerabilities.
Implement comprehensive monitoring to detect and respond to suspected threats.
Use strong passwords and enable authentication to prevent unauthorized access.
Monitor network traffic and system logs for suspicious activity.

Resources
The full threat report is available at the following link:

https://www.fortinet.com/blog/threat-research/botnets-continue-to-target-aging-d-link-vulnerabilities

Discover more from ESSGroup

Subscribe to get the latest posts sent to your email.

essadmin

02 Jan 2025

Comment 0

Categoty:
CTI News

Cyber Security

Threat

2FA/MFA

Android

Azure Active Directory

Boot-Net

Insider Threat

IOT

Linux

MacOS

Malware

Browser

Ransomware

USB

Scam

Vulnerability

Windows

Email Security

Phishing

Threat actors (ATP)

Report

Month	Number of Attacks
January	7
February	24
March	8
April	9
May	5
June	3
July	1
August	0
September	1
October	0
November	0
December	0

Sector	Number of Attacks
Business Services	21
Technology	16
Manufacturing	11
Transportation/Logistics	7
Government (Religious Organization)	3

Ransomware Group	Number of Attacks
Lockbit3	23
Blackbasta	20
8base	10
Rhysida	2
Unsafe	2

Sector	Total Data Compromised (GB)
Business Services	15,600
Technology	9,800
Manufacturing	7,200
Transportation/Logistics	3,400
Government (Religious Organization)	500

Like this: