The IZ1H9 campaign, based on the Mirai botnet, has recently expanded its range of exploits to target devices from D-Link [1], Netis [1] [2], Sunhillo SureLine [1] [2], Geutebruck [1] [2], Yealink [1] [2], Zyxel [1] [2], TP-Link Archer [1] [2], Korenix Jetwave [1] [2], and TOTOLINK routers [2]. The campaign has shown a significant ability to infect vulnerable devices and grow its botnet by incorporating recently released exploit code covering multiple CVEs [2].

Description

The IZ1H9 campaign, which is based on the Mirai botnet, has recently expanded its range of exploits. It now targets devices such as D-Link, Netis [1] [2], Sunhillo SureLine [1] [2], Geutebruck [1] [2], Yealink [1] [2], Zyxel [1] [2], TP-Link Archer [1] [2], Korenix Jetwave [1] [2], and TOTOLINK routers [2]. The campaign has proven highly effective at infecting vulnerable devices and increasing the size of its botnet, which it achieves by incorporating recently released exploit code covering multiple CVEs [2]. Exploitation peaked on September 6 [2], with trigger counts ranging from thousands to tens of thousands [2]. Changing default login credentials is crucial to preventing these attacks. Fortinet has provided patches to address these vulnerabilities [2].

Conclusion

The IZ1H9 campaign, built on the Mirai botnet, has expanded its exploits to target a wide range of devices. Its ability to infect vulnerable devices and grow its botnet has been demonstrated through its use of recently released exploit code. Exploitation peaked on September 6 [2], with significant trigger counts. Changing default login credentials is crucial to preventing these attacks [2], and Fortinet has provided patches to address these vulnerabilities [2]. Going forward, users should remain vigilant and implement the necessary mitigations to protect their devices from such campaigns.

References

[1] https://www.darkreading.com/cloud/patch-now-massive-rce-campaign-d-link-zyxel-botnet
[2] https://www.cybersecurity-review.com/news-october-2023/iz1h9-campaign-enhances-its-arsenal-with-scores-of-exploits/