Researchers at Check Point have discovered a zero-day vulnerability in Huawei home router HG532. Thousands of attempts have been made to exploit the flaw in the wild, most significantly in the United States, Italy, Germany, and Egypt.
Analysts picked up on suspicious security alerts from sensors and honeypots, which pointed to attacks exploiting an unknown vulnerability in HG532 routers. The attackers' goal was to create an updated variant of the Mirai botnet, which caused infrastructure damage around the world in 2016.
Huawei applies the Universal Plug and Play protocol, via the TR-064 technical report standard, to simplify integration of its Home Gateway router in homes and businesses. Researchers learned the TR-064 implementation in Huawei products lets remote attackers execute arbitrary commands on the devices. In this case, they were injecting OKIRU/SATORI malware to build a new variant of Mirai.
It seems an amateur attacker under the nickname "Nexus Zeta" is responsible. The actor had been active on hacker forums researching the process for building this type of tool.
Read more details here.