Attackers are exploiting a new critical Zyxel flaw previously used to breach Denmark’s energy sector.

GreyNoise spotted a new wave of 244 hacking attempts on June 16 aimed at CVE-2023-28771, the same bug attackers used in 2023 to break into 22 Danish energy companies. This round targets networks in the U.S., U.K., Spain, Germany, and India, and appears to come from a Mirai-style botnet sending traffic on port 500. Zyxel users should apply the official patch, limit or block port 500, and keep an eye out for strange device activity.

Read more:

https://www.securityweek.com/zyxel-firewall-vulnerability-again-in-attacker-crosshairs/