- Chinese researchers discovered an offensively named Mirai variant
- It targets industrial routers and smart home devices with zero-day vulnerabilities, misconfigurations, and poor passwords.
- Some 15,000 active IP addresses were found
A new malicious botnet was recently observed spreading via zero-day vulnerabilities and taking over industrial routers and smart home devices.
Cybersecurity researchers at Chinese company Qi’anxin found that the botnet is a variant of Mirai, the malware family whose earlier attacks were devastating.
However, the new versions differ greatly from the original Mirai: they exploit more than 20 vulnerabilities and brute-force weak Telnet passwords in order to spread. Some of the vulnerabilities have never been observed before and do not yet have a CVE assigned; among them are bugs in Neterbit routers and Vimar smart home devices.
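Weak Telnet credentials are the low-tech half of the propagation described above, and they are also the easiest part to spot on the defender's side. The following is an added example, written for this article and not code from Qi’anxin or from the report: it parses a few constructed syslog-style telnetd lines (the log format and the IP addresses are hypothetical, not taken from any real device), flags a source that fails repeatedly inside a short window as a credential-guessing attempt, and escalates to "likely compromise" when a success follows that run of failures from the same source.

```python
"""Flag Telnet credential guessing and likely compromises in constructed syslog lines.

Added example for illustration; the log format below is hypothetical and the
addresses are documentation ranges, not indicators from the Qi'anxin report.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: five rapid failures from one source, then a success (a
# classic weak-password takeover), plus two unrelated events.
SAMPLE_LOG = """\
Jan 07 03:12:01 router telnetd[412]: login failed for user 'root' from 203.0.113.7
Jan 07 03:12:02 router telnetd[412]: login failed for user 'admin' from 203.0.113.7
Jan 07 03:12:03 router telnetd[412]: login failed for user 'admin' from 203.0.113.7
Jan 07 03:12:04 router telnetd[412]: login failed for user 'root' from 203.0.113.7
Jan 07 03:12:05 router telnetd[412]: login failed for user 'support' from 203.0.113.7
Jan 07 03:12:06 router telnetd[412]: login succeeded for user 'root' from 203.0.113.7
Jan 07 03:40:10 router telnetd[412]: login failed for user 'admin' from 198.51.100.9
Jan 07 09:15:00 router telnetd[412]: login succeeded for user 'admin' from 192.168.1.20
"""

# Hypothetical telnetd message shape; adjust the pattern to the device's real format.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ telnetd\[\d+\]: "
    r"login (?P<result>failed|succeeded) for user '(?P<user>[^']*)' from (?P<src>[\d.]+)$"
)


def parse(log_text, year=2025):
    """Return (timestamp, source_ip, username, succeeded) for each telnetd login line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a telnetd login line; ignore
        # Syslog timestamps carry no year, so one is supplied for ordering.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["user"], m["result"] == "succeeded"))
    return events


def analyze(log_text, window=timedelta(seconds=60), threshold=5):
    """Map source IP -> (verdict, username).

    brute_force:        at least `threshold` failures from one source within `window`
    likely_compromise:  a successful login from that source while such a run is active
    """
    findings = {}
    recent_failures = defaultdict(list)  # src -> failure timestamps still inside the window
    for ts, src, user, succeeded in sorted(parse(log_text)):
        fails = recent_failures[src]
        while fails and ts - fails[0] > window:  # expire failures older than the window
            fails.pop(0)
        if succeeded:
            if len(fails) >= threshold:
                findings[src] = ("likely_compromise", user)  # success after a guessing run
            fails.clear()
        else:
            fails.append(ts)
            if len(fails) >= threshold and src not in findings:
                findings[src] = ("brute_force", user)
    return findings


if __name__ == "__main__":
    for src, (verdict, user) in analyze(SAMPLE_LOG).items():
        print(f"{src}: {verdict} (last user '{user}')")
```

The only durable fix is to disable Telnet on the device (or firewall TCP/23 from the WAN) and change the default credentials; the detector above is for finding the boxes where that has not yet happened. Tune `window` and `threshold` to the device's normal login pattern, since a legitimate operator rarely fails five times in a minute.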
Intense attacks
Researchers also observed CVE-2024-12856 being used to infect devices. This is a high-severity (CVSS 7.2) OS command injection vulnerability in Four-Faith industrial routers.
The botnet is called “gayfemboy” and is believed to have approximately 15,000 active IP addresses, located mainly in the United States, Turkey, Iran, China and Russia. It primarily targets the following devices, so if you use one, be on the lookout for indicators of compromise: ASUS routers, Huawei routers, Neterbit routers, LB-Link routers, Four-Faith industrial routers, PTZ cameras, Kguard DVRs, Lilin DVRs, generic DVRs, Vimar smart home devices, and various 5G/LTE devices with misconfigurations or weak credentials.
Whoever is behind this botnet isn’t wasting their time either. Since February 2024 it has launched a series of DDoS attacks, with activity peaking in October and November 2024. The targets are mainly located in China, the United States, the United Kingdom, Germany and Singapore.
Attacks typically last between 10 and 30 seconds and are quite intense, exceeding 100 Gbps of traffic, which can disrupt even the most robust infrastructure.
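The 10-to-30-second profile matters for whoever is watching the pipe: a burst that short can push well past 100 Gbps at one-second resolution and still disappear into a one-minute average. The following is an added example, not from the article or the Qi’anxin report, using constructed per-second byte counters (the baseline, burst sizes and timings are made up) to find runs of seconds above a rate threshold and to show what the same burst looks like when averaged over a 60-second polling interval.

```python
"""Detect short, high-rate bursts in per-second traffic counters (constructed data).

Added example; the counter series is synthetic and the thresholds are illustrative.
"""

GBPS = 1_000_000_000 / 8  # bytes per second carried by one gigabit per second


def counters(seconds, baseline_gbps, burst_list):
    """Build a constructed per-second byte series: a flat baseline plus
    (start_second, duration_seconds, gbps) bursts overlaid on it."""
    series = [baseline_gbps * GBPS] * seconds
    for start, duration, gbps in burst_list:
        for t in range(start, min(start + duration, seconds)):
            series[t] = gbps * GBPS
    return series


def bursts(bytes_per_second, threshold_gbps=100.0, min_seconds=5):
    """Return (start, end_exclusive, peak_gbps) for each run of at least
    `min_seconds` consecutive seconds at or above `threshold_gbps`."""
    limit = threshold_gbps * GBPS
    found = []
    start, peak = None, 0.0
    for i, b in enumerate(bytes_per_second):
        if b >= limit:
            if start is None:
                start, peak = i, 0.0
            peak = max(peak, b)
        elif start is not None:
            if i - start >= min_seconds:
                found.append((start, i, peak / GBPS))
            start = None
    if start is not None and len(bytes_per_second) - start >= min_seconds:
        found.append((start, len(bytes_per_second), peak / GBPS))  # run reached end of series
    return found


def average_gbps(series, start, length):
    """Mean rate over a polling interval, as a coarse-grained collector would report it."""
    window = series[start:start + length]
    return sum(window) / len(window) / GBPS


# Constructed: 2 Gbps baseline for two minutes, a 20-second 120 Gbps burst at t=30
# (the profile the article describes) and a 2-second 150 Gbps spike at t=70.
SAMPLE = counters(120, 2.0, [(30, 20, 120.0), (70, 2, 150.0)])

if __name__ == "__main__":
    for start, end, peak in bursts(SAMPLE):
        print(f"burst {start}s-{end}s ({end - start}s) peak {peak:.0f} Gbps")
    print(f"one-minute average containing the burst: {average_gbps(SAMPLE, 0, 60):.1f} Gbps")
```

With one-second counters the 20-second burst is obvious (120 Gbps for 20 seconds); the same interval averaged over a 60-second poll reads about 41 Gbps, below a 100 Gbps alarm line. Collectors that only sample every minute will therefore under-report, or miss entirely, attacks of the length reported here; `min_seconds` exists so that single-second spikes do not page anyone.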
“The targets of the attacks are all over the world and spread across various industries,” the researchers said. “The main targets of the attacks are spread across China, the United States, Germany, the United Kingdom and Singapore,” they conclude.
Via BleepingComputer