Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs
QiAnXin Threat Intelligence Center's RedDrip team tracked the relevant events and discovered a batch of attack samples exploiting the CVE-2023-23397 vulnerability. After analyzing these samples and C2 servers, we believe that the exploitation of this vulnerability in the wild has been ongoing since March 2022. In the later stages of the attack, the attackers used Ubiquiti-EdgeRouter routers as C2 servers, and the victims of the attack activity were from multiple countries.