- Sekoia identifies hackers abusing a known flaw in Cisco devices
- This leads to the discovery of a botnet called PolarEdge
- Most victims are in the United States, but the botnet is "particularly widespread" in Asia and South America
A previously undocumented botnet has been growing in the wild for more than a year, targeting a range of Cisco, Asus, QNAP and Synology devices, experts have warned.
Sekoia cybersecurity researchers observed the attacks on their honeypot and used that information to detail the campaign, its infrastructure and its targets.
In its report, Sekoia said that at the end of 2023 it spotted an unidentified threat actor targeting devices vulnerable to CVE-2023-20118, an improper input validation bug affecting various Cisco Small Business devices. The flaw allowed the attackers to execute arbitrary commands on affected devices, fetching a malicious payload from a Huawei Cloud server located in Singapore. Digging deeper, Sekoia also found traces of the campaign targeting devices from other manufacturers. The researchers named the botnet PolarEdge and confirmed that at least 2,000 endpoints worldwide were infected.
Endgame unknown
The goal of the botnet is unknown at the moment, the researchers said.
"The goal of this botnet has not yet been determined. The verification of IP addresses with our telemetry has not revealed any specific activity," says the report.
Usually, cybercriminals build a network of infected devices to execute distributed denial-of-service (DDoS) attacks, to set up residential proxies, to run spam and phishing campaigns, to spread malware or to engage in click fraud.
The majority of victims are in the United States, but Sekoia says the botnet seems to be "particularly widespread" in Asia and South America, although it cannot be certain whether this was a deliberate decision by the attackers or simply coincidence.
Despite the relatively small number of infected devices, Sekoia still considers it a dangerous threat.
"The botnet uses several vulnerabilities on different types of equipment, highlighting its ability to target various systems," concludes the report.
"The complexity of the payloads further emphasizes the sophistication of the operation, which suggests that it is led by skilled operators. This indicates that PolarEdge is a well-coordinated and substantial cyber threat."