New Mirai botnet targets industrial routers with zero-day exploits – BleepingComputer
A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices.

Exploitation of previously unknown vulnerabilities started in November 2024, according to Chainxin X Lab researchers who monitored the botnet's development and attacks.

One of the security issues is CVE-2024-12856, a vulnerability in Four-Faith industrial routers that VulnCheck discovered in late December, having noticed efforts to exploit it around December 20.

The botnet, whose name is a homophobic reference, also relies on custom exploits for unknown vulnerabilities in Neterbit routers and Vimar smart home devices.

It was discovered last year in February and currently counts 15,000 daily active bot nodes, mostly in China, the United States, Russia, Turkey, and Iran.

Its main goal appears to be carrying out distributed denial of service (DDoS) attacks on specified targets for profit, targeting hundreds of entities daily, with the activity peaking in October and November 2024.

The malware leverages a mix of public and private exploits for more than 20 vulnerabilities to spread to internet-exposed devices, targeting DVRs, industrial and home routers, and smart home devices.

Specifically, it targets the following:

The botnet features a brute-forcing module for weak Telnet passwords, uses custom UPX packing with unique signatures, and implements Mirai-based command structures for updating clients, scanning networks, and conducting DDoS attacks.

X Lab reports that the botnet's DDoS attacks are short in duration, lasting between 10 and 30 seconds, but high in intensity, exceeding 100 Gbps in traffic, which can cause disruptions even for robust infrastructures.

"The targets of attacks are all over the world and distributed in various industries," explains X Lab.

"The main targets of attacks are distributed in China, the United States, Germany, the United Kingdom, and Singapore," the researchers say.

Overall, the botnet demonstrates a unique capability to maintain high infection rates across diverse device types using exploits for n-day and even zero-day flaws.

Users can protect their devices by following the general recommendations: install the latest device updates from the vendor, disable remote access if it is not needed, and change the default admin account credentials.

"The botnet, whose name is a homophobic reference"
[CITATION NEEDED]
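A defender-side heuristic that turns the attack profile X Lab reports in the article above (bursts of 10 to 30 seconds exceeding 100 Gbps) into detection logic, as an added example that is not code from X Lab or BleepingComputer: it scans per-second ingress rate samples for contiguous runs above a rate threshold and flags the runs whose duration fits that profile. The 100 Gbps threshold, the sample traffic and all function names are constructed assumptions.

```python
"""Flag short, high-intensity DDoS bursts in per-second rate samples.
Added example built on X Lab's description of this botnet's attacks (10-30 s
bursts above 100 Gbps); thresholds and sample data are constructed."""
from dataclasses import dataclass

GBPS = 1e9

@dataclass
class Burst:
    start: int          # first second above threshold
    end: int            # last second above threshold (inclusive)
    peak_bps: float

    @property
    def duration(self) -> int:
        return self.end - self.start + 1

def find_bursts(samples, threshold_bps):
    """Return contiguous runs of seconds where the rate exceeds the threshold."""
    bursts, start, peak = [], None, 0.0
    for t, rate in enumerate(samples):
        if rate > threshold_bps:
            if start is None:
                start, peak = t, rate
            else:
                peak = max(peak, rate)
        elif start is not None:
            bursts.append(Burst(start, t - 1, peak))
            start = None
    if start is not None:   # run continues to the end of the window
        bursts.append(Burst(start, len(samples) - 1, peak))
    return bursts

def matches_profile(burst, min_s=10, max_s=30):
    """True if the burst duration fits the 10-30 s profile X Lab reports."""
    return min_s <= burst.duration <= max_s

def detect(samples, threshold_bps=100 * GBPS):
    """Bursts above threshold whose duration matches the profile."""
    return [b for b in find_bursts(samples, threshold_bps) if matches_profile(b)]

def constructed_samples():
    """60 s of constructed traffic: 2 Gbps baseline, a 3 s spike, a 20 s flood."""
    rates = [2 * GBPS] * 60
    for t in range(5, 8):
        rates[t] = 110 * GBPS    # brief spike: above threshold but too short
    for t in range(20, 40):
        rates[t] = 120 * GBPS    # 20-second flood matching the reported profile
    return rates
```

In practice the rate threshold is tuned to the protected link's normal baseline rather than fixed at the 100 Gbps figure the article cites; the brief spike in the sample data shows why duration, not rate alone, is the discriminating feature.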