Mirai Botnet Targets Flaw in Discontinued D-Link Routers
Summary
The Mirai botnet has been observed exploiting a command injection vulnerability in older, discontinued D-Link routers. This exploitation began approximately one year after the vulnerability was publicly disclosed and proof-of-concept exploit code became available.
IFF Assessment
FOE
The Mirai botnet is actively exploiting a vulnerability, indicating a threat to vulnerable devices and the potential for botnet expansion.
Defender Context
This incident highlights the persistent threat posed by botnets like Mirai, which actively scan for and exploit known vulnerabilities, even in legacy or discontinued hardware. Defenders must prioritize inventorying and patching or segmenting older network devices, as they can become entry points for broader attacks.