Qihoo 360 Netlab researchers reported on Friday that they are tracking an uptick in botnet activity associated with a variant of Mirai. Targeted are ports 23 and 2323 on internet-connected devices made by ZyXEL Communications that are using default admin/CentryL1nk and admin/QwestM0dem telnet credentials.
“About 60 hours ago, since 2017-11-22 11:00, we noticed big upticks on port 2323 and 23 scan traffic, with almost 100k unique scanner IP came from Argentina,” wrote researchers in a blog post on Friday. “After investigation, we are quite confident to tell this is a new Mirai variant.”