A new botnet has joined the GPON party, exploiting an undisclosed zero-day vulnerability in GPON routers. TheMoon botnet, dubbed TheMoon, was first seen in 2014 and has added at least 6 IoT device exploits to its successor versions since 2017. Users can protect their devices by disabling remote administration rights and using a firewall to prevent outside access from the public Internet. In separate research, Trend Micro researchers spotted Mirai-like scanning activity in Mexico, targeting routers that use default usernames and passwords.
Source: https://thehackernews.com/2018/05/hacking-gpon-routers.html