Attackers Go After GPON Routers, Again

July 23, 2018 / Kacy Zurkus

Using automated analysis via a Python script, researchers at eSentire observed an increase in exploitation attempts on gigabit passive optical network (GPON) routers. Though the router attacks had declined since the surge reported back in June, the researchers identified a new, coordinated weaponization campaign targeting D-Link routers on 20 July. The company reported that a botnet recruitment campaign was being launched and saw a surge of exploit attempts from over 3,000 different source IPs, which introduced a variation of the OS command injection attack against the 2750B D-Link router. “A sample of packets from various source IPs involved in this event pointed to a single C2 server hosting malware that appeared. VirusTotal results for the malware indicated similarities with the Mirai botnet. Variants of Mirai code have been spotted in the Satori botnet,” researchers wrote. While none of these exploits appeared to be successful in corporate environments, likely because they lack consu...