Experts from Palo Alto Networks have recorded a surge in cyber attacks aimed at the RCE vulnerability in the Realtek Jungle SDK.

We are talking about the error CVE-2021-35394, which was made public back in August 2021.

The bug affects hundreds of types of devices using Realtek RTL8xxx chips, including routers, home gateways, IP cameras and Wi-Fi repeaters from 66 different manufacturers, including Asus, Belkin, D-Link, Huawei, LG, Logitech, Netgear, ZTE and Zyxel.

The flaw is quite serious and allows attackers who have not authenticated to execute code on vulnerable devices, gaining full control over them.

The first real attacks targeting CVE-2021-35394 were observed a few days after the details of the error were made public, and even then about a million devices were attacked.

In a new report, Palo Alto Networks warns of another increase in the number of attacks trying to exploit a security flaw.

As of December 2022 alone, experts observed 134 million exploitation attempts using this vulnerability, and about 97% of these attacks occurred after the beginning of August 2022.

And at the moment, the attacks are still ongoing. Analysis of the observed exploit attempts showed that 30 regions were the source of the attacks. 

The United States led with 48.3%, followed by Vietnam with 17.8% and Russia with 14.6%.

According to experts, for the most part, the ultimate goal of the attackers was the spread of malware aimed at vulnerability in large-scale attacks aimed at IoT devices, which, once again, underlines the need for organizations to ensure proper protection of these devices.

Most of the observed malicious payloads are variants of the Mirai, Gafgyt and Mozi malware.

A search in Shodan conducted by researchers revealed the existence of more than 80 different models of IoT devices from 14 unique vendors that have port 9034 open.

Studying the exploitation of vulnerabilities, the researchers found that D-Link devices (31 models) are the most popular, followed by LG, Belkin and Zyxel (8, 6 and 6 each).

According to Palo Alto Networks, despite the fact that the affected vendors have long released software updates to solve the problem or recommendations for its elimination, many organizations still continue to ignore the threat.