The recently discovered backdoor account on Zyxel network appliances is now being used in the wild, according to GreyNoise. Andrew Morris, CEO of GreyNoise, told BleepingComputer that the threat actors they detected do not appear to be looking for Zyxel devices specifically; instead, they are scanning the Internet for any SSH-enabled devices. If SSH is available, the actors attempt to brute-force a login to the device. One of the accounts tried just so happened to be the Zyxel backdoor account.