Hackers are utilizing a known vulnerability in device monitoring tool Cacti to install all sorts of malware on vulnerable endpoints, researchers have claimed.
Cybersecurity researchers from The Shadowserver Foundation spotted multiple attempts at delivering various malware via the critical command injection vulnerability, tracked as CVE-2022-46169.
By abusing the flaw, which has a severity rating of 9.8 (critical), threat actors were observed deploying Mirai malware, as well as IRC botnet. Some threat actors were seen simply checking for the vulnerability, possibly in preparation for future attacks.
Thousands of unpatched instances
Mirai is a malware that mostly targets smart home devices running Linux, such as IP cameras and home routers, and assimilates them into the Mirai botnet. The botnet can later be used for Distributed Denial of Service (DDoS) attacks, which can disrupt operations and shut websites down.
The IRC botnet was seen opening a reverse shell on the host and having it scan the endpoint’s ports.
In total, roughly 10 exploitation attempts were seen in the last week.
A Censys report claims there are more than 6,000 unpatched Cacti instances reachable over the internet, while adding that more than 1,600 are unpatched and thus vulnerable.
Read more
Mirai botnet now targeting critical flaw in thousands of routers
