VERY IMPORTANT

On February 28, 2020, we noticed the Moobot botnet successfully used a new exploit (two steps) to spread. On March 19th, we observed ongoing exploit attempts to propagate Gafgyt botnet samples using the above PoC, and few days later, on March 26, we saw the exploit attempt adopted into Gafgyt bots and bots carried out internet wide scan (worm behavior). To properly exploit the fiber routers a two-step process needs to be completed. The 0-day needs to be used after a pre-existing and unnamed vulnerability is exploited. Moobot is currently the only botnet to effectively exploit the 0-day.