A hacker built an IoT botnet of 18,000 Huwei-based devices in just one day.
According to a ZDNet report and confirmed by multiple security firms, the hacker took advantage of vulnerable Huawei routers exposed to the internet. This is a common threat for exposed, unpatched Internet of Things (IoT) devices.
Security teams spotted a recent uptick of network scanning of Huawei devices, likely looking for exposed vulnerabilities such as CVE-2017-17215, a critical security flaw that can be exploited through port 37215.
An excerpt of CVE-2017-17215 from NIST:
“Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.”
The hacker who claimed responsibility for the hacking of 18,000 devices goes by the name “Anarchy” according to NewSky security researcher Ankit Anubhav.