Is it targeting them through the same security hole chineese were installing into them since early 2000s?
New payload targeting #Huawei routers detected:
http://103.83.157.41/bins/mips (
)
http://103.83.157.41/bins/#opendir
C2 port: 5301/tcp
Type: Mirai-like #malware
https://www.virustotal.com/gui/file/61b5e7c057b176048c05cd03313c55c359c37db8f0fb8b59640504ba3f319380/detection …
Vulnerability exploited: CVE-2017-17215
Source IP: 167.71.64.218 (
)
#threatintelpic.twitter.com/vVhiYmvwgA
-
-
-
Yeah, seems close. Just a naked update port looking into clearnet.
-
Yes, 37215/tcp is essentially the Huawei backdoor port.
-
Ever since I became anykey sysadmin helper back in the day (about 10 years ago now) - everyone experienced from opsec/cybersec i knew always told me "don't trust huawei hardware, they in cahoots with chineese government, their routers can dump network info to them".
Конец переписки
Новая переписка -
-
-
I always wonder; how is this information gathered?
-
A worldwide network of proprietary Bad Packets® honeypots.https://badpackets.net/threat-intelligence/ …
Конец переписки
Новая переписка -
Загрузка может занять некоторое время.
Вероятно, серверы Твиттера перегружены или в их работе произошел кратковременный сбой. Повторите попытку или посетите страницу Статус Твиттера, чтобы узнать более подробную информацию.