Zyxel

Zyxel, a manufacturer of firewalls and security appliances, has faced a ransomware attack due to exploitation of a command injection vulnerability (CVE-2024-42057). Attackers exploited this flaw in devices configured with User-Based-PSK authentication and long usernames. The vulnerability allowed command execution on affected devices, leading to compromised firewalls and potentially giving attackers unauthorized access to network resources. Zyxel responded by releasing a firmware update and urging users to change admin and user account passwords. The attack has been linked to the Helldown ransomware gang, known for targeting firewalls for initial compromise and then deploying ransomware within organizational networks.

Source: https://securityaffairs.com/171382/cyber-crime/zyxel-firewall-ransomware-attacks.html

"id": "zyx000112624",
"linkid": "zyxel",
"type": "Ransomware",
"date": "11/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"