CVE-2023-28771

Vulnerability updated a month ago (2024-11-29T14:50:30.488Z)

Download STIX

Preview STIX

CVE-2023-28771 is a software vulnerability, specifically a command injection flaw, in Zyxel ZyWALL firewalls. The vulnerability was detected by FortiGuard Labs in June 2023 when it was being exploited by several Distributed Denial of Service (DDoS) botnets. It's worth noting that this vulnerability had a significant global impact, affecting 43% of organizations worldwide. Check Point IPS, Harmony Endpoint, and Threat Emulation provide protection against threats exploiting this vulnerability. In May 2023, around 22 Danish energy organizations were targeted in two distinct waves of cyberattacks, one of which exploited CVE-2023-28771. The initial breach and reconnaissance started on May 11, with the attackers exploiting the vulnerability at 16 companies. Research from cybersecurity firm ForeScout challenged the attribution of these attacks to Sandworm, suggesting instead two separate waves of attacks - one exploiting CVE-2023-28771 and another using Mirai botnet variants on infected hosts as an access point. To gain access to victims' networks, threat actors exploited several Remote Command Execution (RCE) vulnerabilities in Zyxel firewalls, including CVE-2023-28771, which was patched by the vendor in April 2023. These intrusions underline the importance of timely patching and maintaining up-to-date security systems. Despite the patch being available, the continued exploitation of this vulnerability indicates a lag in its application across many organizations, leading to substantial security risks.

Description last updated: 2024-05-04T17:55:38.189Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Vulnerability

Zyxel

Exploit

Ddos

Botnet

Fortiguard

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Mirai Malware is associated with CVE-2023-28771. Mirai is a type of malware that primarily targets Internet of Things (IoT) devices, converting them into a botnet, which is then used to launch Distributed Denial of Service (DDoS) attacks. In early 2022, Mirai botnets accounted for over seven million detections worldwide, though there was a 9% quar	Unspecified	2

Source Document References

Information about the CVE-2023-28771 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Forescout research uncovers new evidence tied to energy sector cyberattacks in Denmark
CISA	5 months ago	North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs \| CISA
CERT-EU	a year ago	Water nonprofit targeted, Denmark energy update, SEC X update \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	a year ago	Forescout Report Uncovers New Details in Danish Energy Hack
Securityaffairs	a year ago	Attacks against Denmark 's energy sector were not carried out by Russia-linked APT
CERT-EU	a year ago	New Findings Challenge Attribution in Denmark’s Energy Sector Cyberattacks – GIXtools
CERT-EU	a year ago	Cyber Security Week In Review: January 12, 2024
CERT-EU	a year ago	December 2023's Most Wanted Malware : The Resurgence of Qbot and FakeUpdates – Global Security Mag Online
CERT-EU	a year ago	Infographic: A History of Network Device Threats and What Lies Ahead
CERT-EU	a year ago	Infographic: A History of Network Device Threats and What Lies Ahead \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	a year ago	Cyber Security Week In Review: November 17, 2023
CERT-EU	a year ago	Denmark Encounters Largest Cyber Attack on Its Critical Infrastructure to Date
CERT-EU	a year ago	Ongoing cyberattack against Denmark is country's largest ever
InfoSecurity-magazine	a year ago	Sandworm Linked to Attack on Danish Critical Infrastructure
DARKReading	a year ago	Danish Energy Attacks Portend Targeting More Critical Infrastructure
CERT-EU	a year ago	Danish energy sector hit by a wave of coordinated cyberattacks - Help Net Security
Securityaffairs	a year ago	Danish critical infrastructure hit by the largest cyber attack in Denmark's history
CERT-EU	a year ago	22 Energy Firms Hacked in Largest Coordinated Attack on Denmark’s Critical Infrastructure
CERT-EU	a year ago	More than 20 Danish energy firms compromised in a large-scale cyberattack
CERT-EU	a year ago	Denmark Hit With Largest Cyberattack on Record