BF-SIRT Newsletter 2018-28
Botnet built with one exploit only
This new botnet has been spotted this week by security researchers from NewSky Security, and their findings have been confirmed by Qihoo 360 Netlab, Rapid7, and Greynoise.
The botnet has been built by exploiting a vulnerability in Huawei HG532 routers, tracked as CVE-2017-17215.
Botnet author is a known threat actor
The botnet herder identified himself with the pseudonym “Anarchy.” Answering inquiries from both Anubhav and Bleeping Computer, Anarchy did not provide a reason why he created the botnet.
But Anubhav believes Anarchy may actually be a hacker who previously identified as Wicked, whom Anubhav interviewed on NewSky’s blog and Fortinet featured in a report here.
But the real problem here is not a malware author doing what he does best. The problem is the relative ease with which Anarchy built a gigantic botnet within one day.
He didn’t do it with a zero-day or some vulnerability that had not been exploited before. He did so with a high-profile vulnerability that many botnets have exploited before.
Top 5 Security links
Public By Default: What Venmo (and the Whole World) Knows About You
Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs
Sextortion scam knows your password, but don’t fall for it
Director of National Intelligence warns of devastating cyber threat to US infrastructure