A new variant of Mirai botnet has been discovered to target vulnerability in D-Link, Netgear and SonicWall devices and never before seen flaws in IoT devices.

"At the time of this writing, attacks are still ongoing," researchers from Palo Alto Networks' Unit 42 team said. “After the exploit succeeds, the attackers attempt to download a malicious shell script that includes Mirai variants and other infection behaviors, such as downloading and executing brute-forcers.”

There are vulnerabilities that attacks have exploited. Known vulnerabilities exploited include:
A SonicWall SSL-VPN exploit; a D-Link DNS-320 firewall exploit
( CVE-2020-25506 );
Yealink Device Management remote code execution (RCE) flaws ( CVE-2021-27561 and CVE-2021-27562 );
Netgear ProSAFE Plus RCE flaw ( CVE-2020-26919 )
Micro Focus in Operation Bridge Reporter ( CVE-2021-22502 )
Netis WF2419 wireless router exploit ( CVE-2019-19356)