Warning of a surge in activity associated with FICORA and Kaiten botnets

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :

FortiGuard Labs researchers observed increased activity from two botnets in late 2024: the Mirai variant 'FICORA' and the Kaiten variant 'CAPSAICIN'. Both target vulnerabilities in D-Link devices, particularly through the HNAP interface, allowing remote command execution. The FICORA botnet downloads and executes a shell script to infect Linux systems, while CAPSAICIN uses a downloader script to target various Linux architectures. FICORA includes DDoS capabilities using multiple protocols. CAPSAICIN appears to be a variant of Keksec group botnets. The attacks exploit vulnerabilities that were patched years ago, highlighting the importance of regular device updates and monitoring.

OPENCTI LABELS :

linux,botnet,mirai,cve-2015-2051,kaiten,cve-2024-33112,d-link,ficora,capsaicin,cve-2019-10891,cve-2022-37056

