Level 65
Content Creator
Malware Hunter
A new variant of the Hoaxcalls botnet, which can be marshalled for large-scale distributed denial-of-service (DDoS) campaigns, is spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month.

That’s according to researchers at Radware, who also said that it’s notable how quickly Hoaxcalls operators have moved to weaponize the ZyXel bug, which as of this time of writing, has still not been addressed in a ZyXel advisory.
“The campaigns performed by the actor or group behind XTC and Hoaxcalls include several variants using different combinations of propagation exploits and DDoS attack vectors,” Radware researchers said in the analysis. “It is our opinion that the group behind this campaign is dedicated to finding and leveraging new exploits for the purpose of building a botnet that can be leveraged for large-scale DDoS attacks.”