Hello!

There has been a huge uptick of the Mozi botnet[1] from Indian networks(major chunk from a single network) in the past one week.

Based on prior information about Mozi and what I have seen at first glance, it appears to have primarily targeted CPE's with default login/weak credentials, but there could be more.

Some of the affected CPE's along with mitigation outlined by Netlab 360 [2]

[1]: https://www.darkreading.com/iot/new-malware-family-assembles-iot-botnet--/d/... [2]: https://blog.netlab.360.com/mozi-another-botnet-using-dht/