AT&T Alien Labs observed a spike in exploitation attempts for Tenda Remote Code Execution (RCE) vulnerability CVE-2020-10987. This vulnerability is not commonly used by web scanners and was barely detected by our honeypots during the last six months, except for a minor peak in November. A single actor was identified to be behind these scans in late March at the time, the actor appeared to have no previous activity. Cyberium malware hosting domain has been serving Mirai variants for several known, but different botnets over the past year.”]

