Zyxel firewalls CVE-2023-28771 (pre-auth remote command OS injection) is being actively exploited to build a Mirai-like botnet. Internet-wide sweeps seen by over 700 of our IKEv2 aware honeypot sensors, since May 26th. Exploit PoC is public, so expect an increase in attacks. pic.twitter.com/5GSiLhCrAJ

— Shadowserver (@Shadowserver) May 27, 2023