AndoryuBot - New Botnet Campaign Targets Ruckus Wireless Admin Remote Code Execution Vulnerability
FortiGuard Labs has discovered a new botnet called AndoryuBot that targets the Ruckus vulnerability (CVE-2023-25717) on Linux systems. The botnet contains DDoS attack modules for different protocols and communicates with its command-and-control server using SOCKS5 proxies. AndoryuBot targets the following architectures: arm, m68k, mips, mpsl, sh4, spc, and x86. Once inside an infected device, it downloads a script for further propagation. The client then waits for a command from the server to launch a DDoS attack. AndoryuBot includes 12 DDoS attack methods: tcp-raw, tcp-socket, tcp-cnc, tcp-handshake, udp-plain, udp-game, udp-ovh, udp-raw, udp-vse, udp-dstat, udp-bypass, and icmp-echo.

CVEs: CVE-2023-25717

Malware: Andoryu

[View Article](https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717?&web_view=true)