D-Link Devices Targeted by Mirai and Keksec Botnet Variants


2024-12-27

In late 2024, FortiGuard Labs researchers observed a surge in activity from two botnets targeting vulnerabilities in D-Link devices. The two botnets, FICORA (a Mirai variant) and CAPSAICIN (a variant of the Keksec botnet family), exploit flaws in D-Link devices, particularly through the HNAP management interface, that allow remote command execution.

The article discusses these botnets and the vulnerabilities they exploit. It also details the researchers’ observations on the botnet campaigns, including the targeted regions and the malware’s functionality.

What Undercode Says:

These botnet campaigns targeting D-Link devices are a cause for concern. Although the vulnerabilities they exploit have been patched for almost a decade, attackers continue to leverage them because many devices are never updated. This highlights the importance of keeping device firmware up to date and implementing comprehensive security practices.

Here’s a breakdown of the botnets and the vulnerabilities they exploit:

FICORA Botnet

This botnet is a variant of the infamous Mirai botnet. It targets vulnerabilities in D-Link devices and uses various methods to download and execute malware. The malware includes DDoS attack capabilities using multiple protocols such as UDP, TCP, and DNS.

CAPSAICIN Botnet

This botnet appears to be a variant of the Keksec group’s botnets. It uses a downloader script to fetch the bot and connects to its C2 server, sending the victim’s OS information and a unique nickname back to the server. The malware likely targets various Linux architectures.

Vulnerabilities Exploited

The botnets exploit several vulnerabilities in D-Link devices, including CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112. These vulnerabilities have been patched by D-Link, but many devices remain unpatched, leaving them vulnerable to attack.

Recommendations

To protect against these botnets, it is crucial to keep D-Link devices updated with the latest firmware patches. Additionally, implementing comprehensive security practices such as network segmentation and intrusion detection systems can help to mitigate the risk of botnet infections.
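The HNAP remote command execution described above and the intrusion-detection recommendation here can be tied together with a small log check. The following is an added example, not code from the original article or from FortiGuard Labs: it scans a constructed JSON-lines export of HTTP requests seen in front of a D-Link device (an assumed log format, not a vendor one) and flags HNAP requests that arrive from outside the LAN or whose SOAPAction header carries trailing data after the action name, which a benign HNAP call never has.

```python
import json
import re
from ipaddress import ip_address, ip_network

# Constructed sample log (assumed JSON-lines format, not a real vendor export).
# The second line's SOAPAction carries a placeholder, not a real payload.
SAMPLE_LOG = """\
{"src_ip": "192.168.0.23", "method": "POST", "path": "/HNAP1/", "soapaction": "\\"http://purenetworks.com/HNAP1/GetDeviceSettings\\""}
{"src_ip": "203.0.113.77", "method": "POST", "path": "/HNAP1/", "soapaction": "\\"http://purenetworks.com/HNAP1/GetDeviceSettings/;INJECTED_CMD_PLACEHOLDER\\""}
{"src_ip": "198.51.100.5", "method": "GET", "path": "/HNAP1/", "soapaction": null}
{"src_ip": "192.168.0.10", "method": "GET", "path": "/index.html", "soapaction": null}
"""

# A benign HNAP SOAPAction names exactly one action under the HNAP1 namespace,
# optionally wrapped in double quotes as the HNAP client libraries send it.
BENIGN_SOAPACTION = re.compile(r'^"?http://purenetworks\.com/HNAP1/[A-Za-z0-9_]+"?$')

# Explicit RFC 1918 ranges; ipaddress.is_private would also treat the
# documentation ranges used in the sample as private, so we do not rely on it.
LAN_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def classify(event):
    """Return the list of reasons this request is suspicious (empty if benign)."""
    reasons = []
    if not event["path"].startswith("/HNAP1"):
        return reasons                              # not an HNAP request at all
    src = ip_address(event["src_ip"])
    if not any(src in net for net in LAN_NETS):
        reasons.append("hnap-from-wan")             # management API reachable from the Internet
    sa = event.get("soapaction")
    if sa is not None and not BENIGN_SOAPACTION.match(sa):
        reasons.append("malformed-soapaction")      # extra data after the action name
    return reasons


def scan(log_text):
    """Return (src_ip, reasons) for every suspicious HNAP request in a JSON-lines log."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = classify(event)
        if reasons:
            findings.append((event["src_ip"], reasons))
    return findings


if __name__ == "__main__":
    for src, reasons in scan(SAMPLE_LOG):
        print(f"{src}: {', '.join(reasons)}")
```

The same two checks translate directly into an IDS rule or a firewall policy: HNAP should never be reachable from the WAN, and any SOAPAction that does not match the strict pattern is worth an alert regardless of source.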

References:

Reported By: Securityaffairs.com
