A Mirai-based botnet called 'Moobot' is spreading aggressively via exploiting a critical command injection flaw in the webserver of many Hikvision products.
Hikvision is a state-owned Chinese manufacturer of surveillance cameras and equipment that the US government sanctioned due to human rights abuse.
This vulnerability is tracked as CVE-2021-36260 and can be exploited remotely by sending specially crafted messages containing malicious commands.
Hikvision fixed the flaw
back in September 2021 with a firmware update (v 210628), but not all users rushed to apply the security update.
Fortinet reports that Moobot is leveraging this flaw to compromise unpatched devices and extract sensitive data from victims.