The code aiming for the vulnerabili...
14
07
The code aiming for the vulnerability of the Huawei router is released-"SATORI" botnet is also abused
Exploit codes that can be executed with Huawei routers were released during the holiday season by some hackers.The code was released free of charge to cyber attackers who want to target the router or want to increase the bot network.The code is actually used by the "SATORI" botnet.
According to Ankit Anubhav, a Principal Researcher in Newsky Security, the Explit Code was posted to Pastebin during the holiday season.
SATORI, which has a name derived from Japanese enlightenment, is not a completely new malware, but a more infected "MIRAI" botnet variety that infects IoT equipment.However, recently, it was used to create multiple powerful botnetworks, and the headline of the news was displayed.
MIRAI's common variants scan the vulnerabilities of IoT devices and use default authentication information, while satori exploits known vulnerabilities, including the "CVE-2017-17215" in Huawei.。
According to Newsky Security, the malware code is used not only in the SATORI botnet but also in the "Brickerbot" botnet.The release code used by satori is released, and people who create botnets with copies and paste and script kidi will use it.
The CVE-2017-17215 is a vulnerability in Huawei's home router "HG532" and was created by poor implementation of local network settings.By abusing this vulnerabilities, the attacker can attack the device and execute the code from remote areas, including acts such as sending the SATORI malware as payload.
The vulnerability was directly contacted by Huawei on November 27, 2017 by CHECK POINT researcher and others.Huawei has since released measures against the vulnerability.
Products that have not applied such measures are still vulnerable to this attack and may be assimilated into a new bot network.
"IoT attacks are continuing to module every day. If IoT Exploit can be used freely, the attacker is the attack vector in his own botnet cord.It doesn't take much time to prepare and implement it. "
CHECK POINT researcher and others are convinced that there is a hacker called "Nexus Zeta" behind this code.The hacker was a recent post to Hack Forums and was interested in the compilation method of MIRAI botnet.At present, no direct relationship with the release of the code has been confirmed.
MIRAI Botnet has caused a destructive distributed service obstruction (DDOS) attack on websites, social media platforms, and financial institution networks.The botnet rarely seen in this history shows how powerful the botnet can have.
提供:File photoThis article edited an article from overseas CBS Interactive by Asahi Interactive for Japan.
