CyberSecurity news

@osint10x.com - 64d
Cybersecurity experts are warning about a surge in activity from two botnets, FICORA and CAPSAICIN, exploiting old vulnerabilities in D-Link routers. These botnets are leveraging decade-old weaknesses in the Home Network Administration Protocol (HNAP) interface to execute malicious commands, propagate malware, and launch DDoS attacks. FICORA, a Mirai variant, targets devices globally, while CAPSAICIN, a Kaiten variant, primarily targets East Asia. The attacks demonstrate the ongoing risk posed by outdated and unpatched network hardware: the vulnerabilities being exploited have been known for years.

The FICORA botnet uses a downloader script to deploy malware, brute-forces credentials, and uses the UDP, TCP, and DNS protocols for DDoS attacks. The CAPSAICIN botnet focuses on rapid deployment and actively terminates rival botnet processes on infected devices to maintain control. It sends operating system information to a command-and-control server and then awaits further commands. Researchers advise users to update router firmware, implement thorough monitoring, and use cybersecurity solutions to mitigate the threats posed by these botnets, highlighting the dangers of older devices and the crucial need for regular updates.


Classification:
  • HashTags: #Botnet #DLink #Mirai
  • Company: D-Link
  • Target: D-Link Router Users
  • Attacker: Unspecified
  • Product: D-Link Routers
  • Feature: HNAP
  • Malware: FICORA/CAPSAICIN
  • Type: Botnet
  • Severity: Major