216.73.216.75

Warning of a surge in activity associated with FICORA and Kaiten botnets

· Published 27/12/2024 15:52 · Modified 27/12/2024 17:21

Export JSON

Essential information

Published
27/12/2024 15:52
Modified
27/12/2024 17:21
Tags
2024-12-27 CVE-2015-2051 CVE-2019-10891 CVE-2022-37056 CVE-2024-33112 botnet capsaicin d-link ficora kaiten linux mirai
Related entities
4 vulnerabilities (cve), 2 observables, 6 techniques (mitre), 2 malware

Description

FortiGuard Labs researchers observed increased activity from two botnets in late 2024: the variant '' and the variant ''. Both target vulnerabilities in devices, particularly through the HNAP interface, allowing remote command execution. The downloads and executes a shell script to infect systems, while uses a downloader script to target various architectures. includes DDoS capabilities using multiple protocols. appears to be a variant of Keksec group botnets. The attacks exploit vulnerabilities that were patched years ago, highlighting the importance of regular device updates and monitoring.

External references