Even after being aware of various active cyber attacks against the GPON Wi-Fi routers, if you haven't yet taken them off the Internet, then be careful, because a new botnet has joined the GPON party and is exploiting an undisclosed zero-day vulnerability in the wild.
Security researchers from Qihoo 360 Netlab have warned of at least one botnet operator exploiting a new zero-day vulnerability in the Gigabit-capable Passive Optical Network (GPON) routers manufactured by South Korea-based DASAN Zhone Solutions.
The botnet, dubbed TheMoon, which was first seen in 2014 and has added at least 6 IoT device exploits to its successor versions since 2017, now exploits a newly undisclosed zero-day flaw for Dasan GPON routers.
Netlab researchers successfully tested the new attack payload on two different versions of GPON home router, though they didn't disclose details of the payload or release any further details of the new zero-day vulnerability, to prevent more attacks.
TheMoon botnet gained headlines in the year 2015-16 after it was found spreading malware to a large number of ASUS and Linksys router models using remote code execution (RCE) vulnerabilities.
Other Botnets Targeting GPON Routers
Earlier this month, at least 5 different botnets were found exploiting two critical vulnerabilities in GPON home routers, disclosed last month, that eventually allow remote attackers to take full control of the device.
As detailed in our previous post, the 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, have been found exploiting an authentication bypass (CVE-2018-10561) and a root-RCE (CVE-2018-10562) flaw in GPON routers.
Shortly after the details of the vulnerabilities went public, a working proof-of-concept (PoC) exploit for the GPON router vulnerabilities was made available to the public, making exploitation easier for even unskilled hackers.
In separate research, Trend Micro researchers spotted Mirai-like scanning activity in Mexico, targeting GPON routers that use default usernames and passwords.
"Unlike the previous activity, the targets for this new scanning procedure are distributed," Trend Micro researchers said. "However, based on the username and password combinations we found in our data, we concluded that the target devices still consist of home routers or IP cameras that use default passwords."
How to Protect Your Wi-Fi Router From Hacking
The previously disclosed two GPON vulnerabilities had already been reported to DASAN, but the company hasn't yet released any fix, leaving millions of their customers open to these botnet operators.
So, until the router manufacturer releases an official patch, users can protect their devices by disabling remote management rights and using a firewall to prevent outside access from the public Internet.
Making these changes to your vulnerable routers would restrict access to the local network only, within the range of your Wi-Fi network, hence effectively reducing the attack surface by eliminating remote attackers.
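One way to check the firewall half of this advice on a Linux-based gateway, as an added example that is not from the original article: the script walks an `iptables-save` dump in first-match order and lists the management ports a stranger on the WAN side can still reach. The interface name `eth0`, the ports 80/443/8080 and both sample rulesets are assumptions constructed for illustration; user-defined chains, port ranges and `!` negation are not modelled.

```python
# Assumptions, not from the article: WAN interface name and management ports.
WAN_IF = "eth0"
MGMT_PORTS = (80, 443, 8080)

def _opts(tok):
    """Map each flag to the token that follows it, e.g. '-j' -> 'DROP'."""
    return {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}

def wan_verdict(ruleset, port, wan_if=WAN_IF):
    """First-match verdict for a new TCP connection from any Internet host."""
    table, policy = None, "ACCEPT"
    for line in ruleset.splitlines():
        tok = line.split()
        if line.startswith("*"):
            table = line[1:].strip()
        if table != "filter" or not tok:
            continue
        if tok[0] == ":INPUT":
            policy = tok[1]          # default action when no rule matches
        if tok[:2] != ["-A", "INPUT"]:
            continue
        o = _opts(tok)
        if o.get("-i", wan_if) != wan_if or o.get("-p", "tcp") not in ("tcp", "all"):
            continue                 # other interface or other protocol
        state = o.get("--ctstate") or o.get("--state") or "NEW"
        if "-s" in o or "NEW" not in state.split(","):
            continue                 # source-restricted or established-only rule
        spec = o.get("--dport") or o.get("--dports")
        if spec and str(port) not in spec.split(","):
            continue                 # rule is for other ports
        if o.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return o["-j"]
    return policy

def exposed(ruleset):
    """Management ports that are still reachable from the WAN side."""
    return [p for p in MGMT_PORTS if wan_verdict(ruleset, p) == "ACCEPT"]

# Constructed samples in iptables-save format.
LEFT_ON = """*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -j DROP
COMMIT"""
LOCKED = """*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT"""
```

In `LEFT_ON` the blanket DROP never sees port 80 because the earlier ACCEPT wins, which is the usual way remote management stays exposed behind an otherwise strict ruleset.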
We will update this article with new details as soon as they are available. Stay tuned!