CVE-2023-28771

Vulnerability updated 4 months ago (2024-05-04T20:55:43.330Z)
CVE-2023-28771 is a command injection vulnerability in Zyxel ZyWALL firewalls. FortiGuard Labs detected it in June 2023 while it was being exploited by several Distributed Denial of Service (DDoS) botnets. The vulnerability had a significant global impact, affecting 43% of organizations worldwide. Check Point IPS, Harmony Endpoint, and Threat Emulation provide protection against threats exploiting it.

In May 2023, around 22 Danish energy organizations were targeted in two distinct waves of cyberattacks, one of which exploited CVE-2023-28771. The initial breach and reconnaissance began on May 11, when the attackers exploited the vulnerability at 16 companies. Research from cybersecurity firm Forescout challenged the attribution of these attacks to Sandworm, suggesting instead two separate waves: one exploiting CVE-2023-28771, and another using Mirai botnet variants on already-infected hosts as an access point.

To gain access to victims' networks, the threat actors exploited several Remote Command Execution (RCE) vulnerabilities in Zyxel firewalls, including CVE-2023-28771, which the vendor patched in April 2023. These intrusions underline the importance of timely patching and keeping security systems up to date. Although a patch was available, the continued exploitation of this vulnerability indicates that many organizations had not yet applied it, leaving them exposed to substantial risk.
Description last updated: 2024-05-04T17:55:38.189Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Zyxel
Exploit
DDoS
Botnet
FortiGuard
Analyst Notes & Discussion
Associated Malware
ID: Mirai
Type: Unspecified
Votes: 2
Profile Description: Mirai is a type of malware that specifically targets Internet of Things (IoT) devices such as smart speakers, cameras, and connected home equipment. It exploits weak Telnet (port 23) and SSH (port 22) credentials to gain control over these devices. Once infected, these devices are then incorporated
Source Document References
Information about the CVE-2023-28771 vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 8 months ago | Forescout research uncovers new evidence tied to energy sector cyberattacks in Denmark
CISA | a month ago | North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs | CISA
CERT-EU | 8 months ago | Water nonprofit targeted, Denmark energy update, SEC X update | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 8 months ago | Forescout Report Uncovers New Details in Danish Energy Hack
Securityaffairs | 8 months ago | Attacks against Denmark's energy sector were not carried out by Russia-linked APT
CERT-EU | 8 months ago | New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks – GIXtools
CERT-EU | 8 months ago | Cyber Security Week In Review: January 12, 2024
CERT-EU | 8 months ago | December 2023's Most Wanted Malware: The Resurgence of Qbot and FakeUpdates – Global Security Mag Online
CERT-EU | 8 months ago | Infographic: A History of Network Device Threats and What Lies Ahead
CERT-EU | 8 months ago | Infographic: A History of Network Device Threats and What Lies Ahead | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | 10 months ago | Cyber Security Week In Review: November 17, 2023
CERT-EU | 10 months ago | Denmark Encounters Largest Cyber Attack on Its Critical Infrastructure to Date
CERT-EU | 10 months ago | Ongoing cyberattack against Denmark is country's largest ever
InfoSecurity-magazine | 10 months ago | Sandworm Linked to Attack on Danish Critical Infrastructure
DARKReading | 10 months ago | Danish Energy Attacks Portend Targeting More Critical Infrastructure
CERT-EU | 10 months ago | Danish energy sector hit by a wave of coordinated cyberattacks - Help Net Security
Securityaffairs | 10 months ago | Danish critical infrastructure hit by the largest cyber attack in Denmark's history
CERT-EU | 10 months ago | 22 Energy Firms Hacked in Largest Coordinated Attack on Denmark's Critical Infrastructure
CERT-EU | 10 months ago | More than 20 Danish energy firms compromised in a large-scale cyberattack
CERT-EU | 10 months ago | Denmark Hit With Largest Cyberattack on Record