Blog | G5 Cyber Security

Hackers start exploiting the new backdoor in Zyxel devices

Threat actors are actively scanning the Internet for open SSH devices and trying to login to them using a new recently patched Zyxel hardcoded credential backdoor. One of the IP addresses is using the built-in SSH client of Cobalt Strike to perform the scans. GreyNoise CEO Andrew Morris told BleepingComputer that the actor might be scanning this way to evade threat intelligence vendors. The actor is using Cobalt strike’s SSH client exclusively through Tor to avoid threat intelligence vendor detection. ZyxEl released the ‘ZLD V4 V460 Patch 1’ last month that removes the backdoor accounts on firewall devices.

Source: https://www.bleepingcomputer.com/news/security/hackers-start-exploiting-the-new-backdoor-in-zyxel-devices/

Exit mobile version