A few weeks ago, three young people under 21 pleaded guilty to creating and deploying the Mirai botnet. Although the founders' participation ceased in 2016, the malware code was disseminated over the internet and has become increasingly sophisticated over the months.
Some time ago, Reaper IoT also gained notoriety: a botnet that a few months ago had captured millions of IP security cameras and routers, and that contained parts of the Mirai code. Now another zombie network has taken over Huawei routers, taking advantage of a zero-day vulnerability and that same Mirai code.
The network in question is nicknamed Satori or Okiku and was discovered by security researchers at the firm Check Point, whose thorough analysis concluded that the botnet's specialty is attacking the popular Huawei HG532 model, used in offices and homes. It can be used for denial-of-service attacks, among other activities.
The zero-day vulnerability has already been registered as CVE-2017-17215 and allows control of the exploited devices. According to the same firm's report, attacks have been detected all over the world, exceeding 200 thousand and mainly affecting the United States, Italy, Germany and Egypt.
The researchers called on Huawei to take responsibility for the vulnerability, and the company recently confirmed the problem and issued an updated security notice to its customers.
Users can defend against this flaw by changing the default credentials, using Huawei's next-generation firewall (Huawei NGFW), and keeping the device updated.