The Gayfemboy botnet, capitalizing on a zero-day vulnerability (CVE-2024-12856), has led to Distributed Denial of Service (DDoS) attacks against Four-Faith industrial routers. This exploitation can incapacitate critical network resources, causing service interruptions and impairing business operations. The botnet's activity, primarily in major industrial regions including China and the United States, is a notable security breach with substantial implications for the operability of the infected devices and for broader network reliability.
Source: https://securityaffairs.com/172805/malware/gayfemboy-mirai-botnet-four-faith-flaw.html
TPRM report: https://scoringcyber.rankiteo.com/company/xiamen-four-faith-communication-technology-co-ltd
"id": "xia000010925",
"linkid": "xiamen-four-faith-communication-technology-co-ltd",
"type": "Vulnerability",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Industrial Routers',
                        'location': ['China', 'United States'],
                        'name': 'Four-Faith',
                        'type': 'Company'}],
 'attack_vector': 'Zero-day vulnerability (CVE-2024-12856)',
 'description': 'The Gayfemboy botnet capitalizing on a zero-day '
                'vulnerability, CVE-2024-12856, has led to Distributed Denial '
                'of Service (DDoS) attacks against Four-Faith industrial '
                'routers. This exploitation potentially incapacitates critical '
                'network resources, causing service interruptions and '
                "impairing business operations. The botnet's activity, "
                'primarily in major industrial regions including China and the '
                'United States, signifies a notable security breach with '
                "substantial implications for the infected devices' "
                'operability and the broader network reliability.',
 'impact': {'operational_impact': 'Service interruptions and impaired business '
                                  'operations',
            'systems_affected': 'Four-Faith industrial routers'},
 'threat_actor': 'Gayfemboy botnet',
 'title': 'Gayfemboy Botnet Exploiting CVE-2024-12856 for DDoS Attacks on '
          'Four-Faith Industrial Routers',
 'type': 'DDoS Attack',
 'vulnerability_exploited': 'CVE-2024-12856'}