Mirai Variant MooBot Targeting D-Link Devices


In early August, Unit 42 researchers discovered attacks leveraging several vulnerabilities in devices made by D-Link, a company that specializes in network and connectivity products. The vulnerabilities exploited include:

CVE-2015-2051: D-Link HNAP SOAPAction Header Command Execution Vulnerability
CVE-2018-6530: D-Link SOAP Interface Remote Code Execution Vulnerability
CVE-2022-26258: D-Link Remote Command Execution Vulnerability
CVE-2022-28958: D-Link Remote Command Execution Vulnerability

If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service (DDoS) attacks. The exploit attempts captured by Unit 42 researchers leverage the aforementioned vulnerabilities to spread MooBot, a Mirai variant, which targets exposed networking devices running Linux.

Read more…
Source: Palo Alto Unit 42