A new variant of the Hoaxcalls botnet, which can be marshalled for large-scale distributed denial-of-service (DDoS) campaigns, is spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month. The bug has not been addressed in a ZyXel advisory. Within 48 hours of discovery, there were 15 unique IP addresses hosting the malware. Within this week, on April 20, researchers spotted a third version of the malware being disseminated from 75 different servers.
Source: https://threatpost.com/fast-moving-ddos-botnet-unpatched-zyxel-rce-bug/155059/