GPON Home Routers Are Over TheMoon Botnet

Dasan's gigabit-capable passive optical network (GPON) home routers are again the target of zero-day exploits using a new botnet called TheMoon, according to researchers at Qihoo 360 Netlab. While activity of TheMoon botnet emerged in 2014, it's only been seen adding internet of things (IoT) device exploits into its code since 2017, Qihoo 360 Netlab researchers wrote in a 21 May post. TheMoon is the latest to "join the party" of botnets attacking GPON home routers.  Earlier this year, Qihoo 360 Netlab researchers analyzed TheMoon, identifying it as a code for a family of malicious code. Since April 2017, researchers have been monitoring TheMoon family and its evolution. In the most recent attacks, the researchers noted that the attacking payload looks different on TheMoon, which is why they have classified it as a zero-day. "We tested this payload on two different versions of GPON home routers, all work. All these make TheMoon totally different," the researchers wrote.