Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet

Thousands of devices, including D-Link and Zyxel gear, remain vulnerable to takeover despite the availability of patches for the several bugs being exploited by IZ1H9 campaign.

Dark Reading Staff, Dark Reading

October 9, 2023

1 Min Read
Internet of Things devices concept art
Source: Andrey Suslov via Alamy Stock Photo

Nimble and able to pivot on the fly to take advantage of emerging vulnerabilities, a campaign named IZ1H9 has ramped up its malware development to target a range of unpatched router and Internet of Things (IoT) devices and add them to a widening botnet used to launch targeted distributed denial-of-service (DDoS) cyberattacks.

Researchers from FortiGuard Labs flagged the campaign, which was recently updated with 13 new payloads leveraging known vulnerabilities in D-Link devices; Netis wireless routers; Sunhillo SureLine; Geutebruck IP cameras; and Yealink Device Management, Zyxel devices, TP-Link Artcher, Korenix Jetwave, and Totolink routers.

"Based on the trigger counts recorded by our IPS signatures, it is evident that peak exploitation occurred on Sept. 6, with trigger counts ranging from the thousands to even tens of thousands," the report said. "This highlights the campaign's capacity to infect vulnerable devices and dramatically expand its botnet through the swift utilization of recently released exploit code, which encompasses numerous CVEs."

Fortinet recommends organizations apply patches and change default login credentials to prevent further attacks.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights