VERY IMPORTANT

In April, we discussed our findings on increased activity originating from China targeting network devices in Brazil that mimicked the Mirai botnet’s scanning technique. We recently found similar Mirai-like scanning activity from Mexico. The difference in these attacks, however, is that some of the detected activity is being done via the exploitation of CVE-2018-10561 and CVE-2018-10562, two vulnerabilities that are specific to Gigabit Passive Optical Network (GPON)-based home routers. These two vulnerabilities can be exploited to allow remote code execution (RCE) on the affected device.