Attackers are actively targeting the Zyxel RCE vulnerability CVE-2023-28771, according to GreyNoise researchers.
On June 16, a surge in exploit attempts against the Zyxel IKE decoder vulnerability was observed, involving 244 unique source IPs.
The main targets of the attack were the U.S., U.K., Spain, Germany, and India.
All 244 IP addresses involved in the exploitation attempts were traced back to Verizon Business in the U.S., but because IKE runs over UDP, the source addresses could be spoofed.
The exploit attempts were linked to Mirai botnet variants, as confirmed by VirusTotal.
GreyNoise recommends blocking the identified malicious IPs, verifying device patches, monitoring for post-exploitation activities, and limiting exposure on IKE/UDP port 500.
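A small detection script, added here as an illustration and not part of GreyNoise's or Zyxel's guidance, shows what "monitoring" and "limiting exposure on IKE/UDP port 500" look like in practice: it parses constructed firewall log lines, counts how many distinct sources hit UDP/500 each day (a surge in unique sources is the signal GreyNoise describes), flags days above a baseline, and reports which accepted connections came from a blocklist. The log format, field names, baseline value and blocklist entries are all assumptions for the example; real indicators would come from the GreyNoise report.

```python
"""Detect a surge of IKE (UDP/500) probes in firewall logs.

Added example, not from GreyNoise or Zyxel. The syslog-like format, the
field names, the baseline and the blocklist are assumptions for illustration.
"""
import re
from collections import defaultdict

# Constructed sample lines (not real log data); the format is an assumption.
SAMPLE_LOGS = """\
2025-06-15T10:00:01Z fw1 DROP proto=UDP src=203.0.113.10 dst=198.51.100.5 dport=500
2025-06-15T11:12:44Z fw1 ACCEPT proto=UDP src=203.0.113.11 dst=198.51.100.5 dport=500
2025-06-16T00:03:12Z fw1 ACCEPT proto=UDP src=203.0.113.21 dst=198.51.100.5 dport=500
2025-06-16T00:03:13Z fw1 ACCEPT proto=UDP src=203.0.113.22 dst=198.51.100.5 dport=500
2025-06-16T00:03:14Z fw1 ACCEPT proto=UDP src=203.0.113.23 dst=198.51.100.5 dport=500
2025-06-16T00:03:15Z fw1 ACCEPT proto=UDP src=203.0.113.24 dst=198.51.100.5 dport=500
2025-06-16T00:03:15Z fw1 ACCEPT proto=UDP src=203.0.113.24 dst=198.51.100.5 dport=500
2025-06-16T00:04:00Z fw1 ACCEPT proto=TCP src=203.0.113.99 dst=198.51.100.5 dport=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2})T\S+ \S+ (?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

# Placeholder blocklist (hypothetical); real indicators come from the GreyNoise report.
BLOCKLIST = {"203.0.113.22", "203.0.113.24"}


def parse_ike_events(text):
    """Return (date, src_ip, action) for every UDP/500 line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if m["proto"].upper() != "UDP" or m["dport"] != "500":
            continue
        events.append((m["ts"], m["src"], m["action"]))
    return events


def unique_sources_per_day(events):
    """Map date -> set of distinct source IPs that hit UDP/500 that day."""
    per_day = defaultdict(set)
    for date, src, _ in events:
        per_day[date].add(src)
    return per_day


def surge_days(per_day, baseline=2):
    """Dates whose distinct-source count exceeds the baseline, sorted."""
    return sorted(d for d, srcs in per_day.items() if len(srcs) > baseline)


def blocklisted_hits(events, blocklist=BLOCKLIST):
    """Distinct (date, src) pairs where a blocklisted source was ACCEPTed on UDP/500."""
    return sorted({(d, s) for d, s, a in events if s in blocklist and a == "ACCEPT"})


def report(text, baseline=2):
    """Summarise UDP/500 activity: unique sources per day, surge days, blocklist hits."""
    events = parse_ike_events(text)
    per_day = unique_sources_per_day(events)
    return {
        "unique_per_day": {d: len(s) for d, s in sorted(per_day.items())},
        "surge_days": surge_days(per_day, baseline),
        "blocklisted_accepts": blocklisted_hits(events),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(report(SAMPLE_LOGS), indent=2))
```

Because IKE runs over UDP, the per-source counts measure the scale of a campaign rather than attribute it: a spoofed source still shows up as a probe of the exposed port. That is why the surge count and any ACCEPT on UDP/500 from an unexpected peer are the lines worth alerting on, and why restricting the port to known VPN peers removes the exposure regardless of which addresses appear in the logs.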
In April 2023, Zyxel addressed the CVE-2023-28771 vulnerability in its firewall devices and urged customers to install patches to mitigate the risk.
The U.S. CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog after observing active exploitation.