and Europe,” write researchers from cybersecurity firm Radware, adding that the botnets are primarily targeting internet service providers (ISPs) and hosting providers.
The vulnerability in question, tracked as CVE-2023-9055, affects Zyxel’s network-attached storage (NAS) and firewall products, allowing attackers to execute arbitrary code on targeted devices.
The attackers have been leveraging this vulnerability to compromise Zyxel devices and build a botnet army. Once the devices are compromised, they are used to launch large-scale DDoS attacks against various targets.
These attacks have been ongoing since April 2023 and have hit numerous organizations across different industries. The sheer number of infected Zyxel devices participating in the botnets has allowed the attackers to generate significant amounts of malicious traffic.
The DDoS botnets have been using a variety of attack vectors, including UDP floods, TCP SYN floods, and DNS amplification attacks. These attacks overwhelm the target’s infrastructure, causing it to become unresponsive or even crash.
According to the researchers, the attacks have been especially impactful due to the large number of vulnerable Zyxel devices. The flaw has not been patched by Zyxel, leaving these devices open to exploitation.
In response to the attacks, Radware has released a threat intelligence report detailing the characteristics and behavior of the DDoS botnets. The report aims to provide organizations with the information required to better defend themselves against these attacks.
In conclusion, multiple DDoS botnets have been discovered exploiting a critical vulnerability in Zyxel devices. These botnets have been targeting ISPs and hosting providers. The vulnerability allows attackers to execute arbitrary code on the compromised devices, which they then use to launch large-scale DDoS attacks. The attacks have been ongoing since April 2023 and have impacted numerous organizations. The lack of a patch for the vulnerability has allowed the DDoS botnets to continue their operations. Cybersecurity firm Radware has released a threat intelligence report to help organizations defend against these attacks. Stay vigilant and ensure your devices are up to date to avoid falling victim to these botnets.
Original Article: https://thehackernews.com/2023/07/ddos-botnets-hijacking-zyxel-devices-to.html