- ShadowV2, a cloud-native botnet based on Mirai, appeared briefly during an AWS outage.
- It targeted IoT devices via several vendor vulnerabilities, likely as a test.
- Found in over 20 countries, ShadowV2 could return, echoing Mirai’s disruptive DDoS legacy.
Another botnet built on the foundations of the infamous Mirai was recently spotted in the wild, but only briefly, suggesting it could be gearing up for a major attack.
Security researchers at FortiGuard Labs say they saw a new botnet called ShadowV2 that was only active during the recent AWS outage, meaning it was only “alive” for up to 15 hours.
During this period, it targeted multiple vulnerabilities in products from multiple manufacturers (DD-WRT, D-Link, DigiEver, TBK, and TP-Link) and created a network of routers, Wi-Fi access points, NAS enclosures, DVRs, network video recorders, and similar Internet of Things (IoT) hardware.
Mirai Evolution
The botnet could have been used in the same way as Mirai: to launch distributed denial of service (DDoS) attacks, scan the Internet for vulnerable devices, brute-force their credentials, infect them, and use them for further propagation.
FortiGuard Labs believes that its emergence only served as a “test” and that the botnet will likely return in the future.
ShadowV2 is a cloud-native botnet that previously only targeted AWS EC2 instances. However, it has since evolved to target multiple industries including technology, retail, hospitality, government, telecommunications, and more. It has been found in more than two dozen countries around the world, including Canada, the United States, the United Kingdom, China, Russia, Saudi Arabia and many others.
So far, it is unclear how many devices are infected with ShadowV2, or whether the botnet is currently growing. We know that it is mainly designed for IoT devices.
Shortly after the ShadowV2 test, Azure was hit by the “largest” cloud-based DDoS attack, carried out by the Aisuru botnet, which is also considered a “descendant” of Mirai and is sometimes described as “Turbo Mirai”.
Mirai is often referred to as a “revolutionary IoT malware” that became infamous for building some of the largest and most disruptive botnets ever created, taking major websites and internet infrastructure across the world offline.
Via The Register