Just after warnings of potential attacks, Zyxel equipment was infected by the Mirai virus on a large scale
After the device vulnerability (CVE-2023-28771) that Zyxel patched on April 25 was made public in May, security experts warned that the Mirai botnet had begun attacking unpatched Zyxel devices. The ShadowServer Foundation, a security nonprofit, has detected that multiple Zyxel devices have been used to launch attacks. Because the PoC program being abused has been made public, the foundation also expects the attacks to increase further.

Zyxel patched the major vulnerability CVE-2023-28771 in its firewall and VPN equipment products in April and urged users to install the new firmware as soon as possible. The vulnerability originates in the IKE packet decryption component of the firmware and may allow unauthorized attackers to send malicious packets that remotely execute OS commands. It is a major vulnerability with a risk score of 9.8.

Last week, the information security company Rapid7 also warned that at least 40,000 firewall devices are exposed because they have not been updated, and said it expects exploit attacks to follow.

Since May 26, more than 700 decoy systems set up by The ShadowServer Foundation have detected about 3,773 attacks. According to the foundation's statistics, Zyxel firewall and VPN products are most numerous in France (13,800 units), Italy (13,100 units), the United States (9,300 units), and Switzerland (7,800 units).