People's Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations
Essential information
- Published
- 02/10/2024 12:14
- Modified
- 02/10/2024 13:00
- Tags
- 2024-10-02 CVE-2023-3519 CVE-2023-35843 CVE-2023-35885 CVE-2023-36542 CVE-2023-36844 CVE-2023-37582 CVE-2023-38035 CVE-2023-3852 CVE-2023-38646 CVE-2023-43478 CVE-2023-46604 CVE-2023-46747 CVE-2023-47218 CVE-2023-50386 CVE-2024-21762 CVE-2024-29269 CVE-2024-29973 CVE-2024-4577 CVE-2024-5217 botnet china cyber espionage ddos iot mirai network compromise routers
- Related entities
- 66 vulnerabilities (cve), 169 observables, 1 intrusion sets (apt), 15 techniques (mitre), 1 malware, 22 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (66)
fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and …
- Attack vector
- ADJACENT_NETWORK
- Published
- 20/09/2023
- Modified
- 21/12/2025
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. …
- Attack vector
- NETWORK
- Published
- 12/07/2023
- Modified
- 21/12/2025
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated …
- Attack vector
- NETWORK
- Published
- 29/07/2023
- Modified
- 21/12/2025
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
- Attack vector
- NETWORK
- Published
- 20/06/2023
- Modified
- 21/12/2025
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server …
- Attack vector
- NETWORK
- Published
- 19/06/2023
- Modified
- 21/12/2025
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the …
- Attack vector
- Network
- Published
- 31/07/2023
- Modified
- 14/01/2026
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a …
- Attack vector
- NETWORK
- Published
- 01/08/2023
- Modified
- 21/12/2025
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in …
- Attack vector
- NETWORK
- Published
- 29/06/2023
- Modified
- 21/12/2025
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special …
- Attack vector
- NETWORK
- Published
- 28/11/2023
- Modified
- 21/12/2025
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.
- Attack vector
- NETWORK
- Published
- 07/06/2023
- Modified
- 21/12/2025
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can …
- Attack vector
- NETWORK
- Published
- 19/07/2023
- Modified
- 21/12/2025
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute …
- Attack vector
- NETWORK
- Published
- 01/07/2023
- Modified
- 21/12/2025
Observables (169)
-
37.9.35.91 -
222.186.48.204 -
222.186.48.201 -
208.85.16.100 -
45.80.215.153 -
92.38.185.47 -
92.38.185.46 -
92.38.185.44 -
92.38.185.43 -
92.38.176.156 -
91.216.190.80 -
91.216.190.74
Intrusion sets (APT) (1)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Techniques (MITRE) (15)
-
Brute Force MITRE
-
System Network Configuration Discovery MITRE
-
System Information Discovery MITRE
-
File and Directory Discovery MITRE
-
Active Scanning MITRE
-
Exploitation of Remote Services MITRE
-
Network Denial of Service MITRE
-
Endpoint Denial of Service MITRE
-
User Execution MITRE
-
Impair Defenses MITRE
-
Exploit Public-Facing Application MITRE
-
External Remote Services MITRE
Malware (1)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Others (22)
-
British Indian Ocean Territory
-
Albania
-
South Africa
-
Hong Kong
-
Bangladesh
-
India
-
Lithuania
-
Australia
-
China
-
Netherlands
-
Poland
-
Spain