1. Forum
  2. TQWNet
  3. TQW GENTECH

  • Industrial routers are being hit by zero-days from new Mirai botn

    From TechnologyDaily@1337:1/100 to All on Friday, January 10, 2025 23:45:04
    Industrial routers are being hit by zero-days from new Mirai botnets

    Date:
    Fri, 10 Jan 2025 23:32:00 +0000

    Description:
    A new botnet, based on the dreaded Mirai, is actively assimilating devices, including smart home gadgets and industrial routers.

    FULL STORY ======================================================================Chinese researchers discovered a variant of Mirai with an offensive name It targets industrial routers and smart home devices with zero-day flaws, misconfigurations, and poor passwords Some 15,000 active IP addresses were found

    A new malicious botnet was recently observed, spreading through zero-day vulnerabilities and assimilating industrial routers and smart home devices.

    Cybersecurity researchers from the Chinese outfit Qianxin XLab claim the botnet is based on Mirai, an infamous piece of malware thats known to be behind some of the biggest and most devastating Distributed Denial of Service ( DDoS ) attacks.

    However, the new versions differ greatly from the original Mirai, as they abuse more than 20 vulnerabilities, and target weak Telnet passwords, as
    means of distribution and spreading. Some of the vulnerabilities have never been seen before, and dont have CVEs assigned just yet. Among them are bugs
    in Neterbit routers, and Vimar smart home devices. Intense attacks

    The researchers also observed CVE-2024-12856 being used to infect devices. This is a high-severity (7.2/10) command injection vulnerability found in Four-Faith industrial routers.

    The botnet is called gayfemboy and apparently counts roughly 15,000 active IP addresses located in the US, Turkey, Iran, China, and Russia. The botnet mostly targets these devices, so if youre running any of them, be on the lookout for indicators of compromise.

    ASUS routers, Huawei routers, Neterbit routers, LB-Link routers, Four-Faith Industrial Routers, PZT cameras, Kguard DVR, Lilin DVR, Generic DVRs, Vimar smart home devices, and other different 5G/LTE devices with misconfigurations or weak credentials.

    Whoever is behind this botnet is not wasting their time, either. Since February last year, its been running different DDoS attacks, with peak performance being recorded in October and November 2024. The targets are mostly located in China, the US, UK, Germany, and Singapore.

    The attacks usually last between 10 and 30 seconds and are quite intense, exceeding 100Gbps in traffic, which can disrupt even the most robust infrastructures.

    The targets of attacks are all over the world and distributed in various industries, the researchers said. The main targets of attacks are distributed in China, the United States, Germany, the United Kingdom, and Singapore, they concluded.

    Via BleepingComputer You might also like This devious malware looked to exploit braille characters to breach Windows security flaws Here's a list of the best antivirus tools on offer These are the best endpoint protection
    tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/industrial-routers-are-being-hit-by-zer o-days-from-new-mirai-botnets


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)