Warning of a surge in activity associated with FICORA and Kaiten botnets

Dec. 27, 2024, 5:21 p.m.

Description

FortiGuard Labs researchers observed increased activity from two botnets in late 2024: the Mirai variant 'FICORA' and the Kaiten variant 'CAPSAICIN'. Both target vulnerabilities in D-Link devices, particularly through the HNAP interface, allowing remote command execution. The FICORA botnet downloads and executes a shell script to infect Linux systems, while CAPSAICIN uses a downloader script to target various Linux architectures. FICORA includes DDoS capabilities using multiple protocols. CAPSAICIN appears to be a variant of Keksec group botnets. The attacks exploit vulnerabilities that were patched years ago, highlighting the importance of regular device updates and monitoring.

Date

  • Created: Dec. 27, 2024, 3:52 p.m.
  • Published: Dec. 27, 2024, 3:52 p.m.
  • Modified: Dec. 27, 2024, 5:21 p.m.

Indicators

  • 87.10.220.221
  • 192.110.247.46

Attack Patterns

Linked vulnerabilities