Critical Zyxel Vulnerability Is Being Actively Exploited

On June 16, researchers observed a concentrated burst of exploit attempts within a short time window targeting CVE-2023-28771 — a remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders over UDP port 500.

The researchers also identified indicators consistent with Mirai botnet variants. More details can be found here: https://www.greynoise.io/blog/exploit-attempts-targeting-zyxel-cve-2023-28771
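The observation above is a spike of UDP/500 (IKE) probes from many sources inside a short window. The following is an added example, not code from The IT Nerd post or from GreyNoise, showing how a defender could flag that pattern in their own firewall logs. The log line format and all IP addresses are constructed for the example; adapt the regular expression to your firewall's actual format.

```python
"""Flag a burst of inbound UDP/500 (IKE) traffic from many distinct sources.

Added example (not from the original post). The syslog-like line format is
a constructed, hypothetical one; the addresses are documentation ranges.
"""
import re
from datetime import datetime, timedelta

# Constructed sample log: timestamp, action, protocol, source -> dest:port.
SAMPLE_LOG = """\
2023-06-16T10:00:01Z ACCEPT UDP 203.0.113.10 -> 198.51.100.5:500
2023-06-16T10:00:02Z ACCEPT UDP 203.0.113.11 -> 198.51.100.5:500
2023-06-16T10:00:02Z ACCEPT UDP 203.0.113.12 -> 198.51.100.5:500
2023-06-16T10:00:03Z ACCEPT UDP 203.0.113.13 -> 198.51.100.5:500
2023-06-16T10:00:04Z ACCEPT TCP 203.0.113.14 -> 198.51.100.5:443
2023-06-16T10:00:05Z ACCEPT UDP 203.0.113.15 -> 198.51.100.5:500
2023-06-16T10:00:06Z ACCEPT UDP 203.0.113.16 -> 198.51.100.5:500
2023-06-16T10:30:00Z ACCEPT UDP 203.0.113.10 -> 198.51.100.5:500
"""

# Hypothetical line layout; replace with your device's real format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) (?P<proto>\w+) (?P<src>[\d.]+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_lines(text):
    """Return a list of (timestamp, src_ip, proto, dport) tuples.

    Lines that do not match the expected layout are skipped rather than
    raising, so a partially garbled log still yields usable events.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["proto"], int(m["dport"])))
    return events


def detect_ike_burst(events, window=timedelta(seconds=60), min_sources=5):
    """Sliding-window check for IKE probe bursts.

    Returns a list of (window_start, sorted_source_ips) for every window of
    length `window` in which at least `min_sources` distinct source IPs sent
    UDP traffic to port 500. Events already covered by an alert are not
    re-counted, so one burst produces one alert.
    """
    ike = sorted(e for e in events if e[2] == "UDP" and e[3] == 500)
    alerts = []
    n = len(ike)
    i = j = 0
    while i < n:
        # Advance j to the first event that falls outside the window at ike[i].
        while j < n and ike[j][0] - ike[i][0] < window:
            j += 1
        sources = {e[1] for e in ike[i:j]}
        if len(sources) >= min_sources:
            alerts.append((ike[i][0], sorted(sources)))
            i = j  # skip past the events that triggered this alert
        else:
            i += 1
    return alerts


if __name__ == "__main__":
    for start, sources in detect_ike_burst(parse_lines(SAMPLE_LOG)):
        print(f"IKE burst starting {start.isoformat()}Z from "
              f"{len(sources)} sources: {', '.join(sources)}")
```

The threshold of five distinct sources in sixty seconds is an arbitrary starting point; tune it to the baseline of legitimate VPN peers your device normally sees. A single remote office re-keying is not a burst, but dozens of unrelated addresses hitting UDP/500 within a minute on a device that should not be internet-facing is exactly the signal worth paging on.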

Martin Jartelius, CISO at cybersecurity company Outpost24, commented:

“This was added to the CISA Known Exploited Vulnerabilities list on May 31, 2023, requiring agencies to have it resolved before June 21 that same year. The activity observed appears to be Mirai botnet activity.

As the vulnerability has been extensively targeted before, for someone to fall victim now, they would have had to obtain a vulnerable device, deploy it without updates, and expose it to the internet, even though it’s in a known vulnerable state. One would almost say that the chain of incompetence needed to be victimized at this point is borderline impressive, but of course it can happen. This, however, is not the vulnerability we should all wake up and worry about today. In fact, if you were worried about it, you would have fixed it years ago.”

Though I shouldn’t be shocked, I am often shocked by what people would do, such as taking a piece of networking gear that is known to be vulnerable, exposing it to the Internet, and hoping for the best. It’s bad enough that there are bad guys out there who are out to get you. But it is worse when you make it easy for them to pwn you.
