Mirai

Pierluigi Paganini June 25, 2024
Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

Researchers warn that a Mirai-based botnet is exploiting a recently disclosed critical vulnerability in EoL Zyxel NAS devices. Researchers at the Shadowserver Foundation warn that a Mirai-based botnet has started exploiting a recently disclosed vulnerability tracked as CVE-2024-29973 (CVSS score 9.8) in end-of-life NAS devices Zyxel NAS products. The flaw is a command injection vulnerability […]

Pierluigi Paganini November 22, 2023
New InfectedSlurs Mirai-based botnet exploits two zero-days

Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE flaws to compromise routers and video recorder (NVR) devices. Akamai warned of a new Mirai-based DDoS botnet, named InfectedSlurs, actively exploiting two zero-day vulnerabilities to infect routers and video recorder (NVR) devices. The researchers discovered the botnet in October 2023, but they believe it has […]

Pierluigi Paganini October 11, 2023
Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to target routers from different vendors, including D-Link, Zyxel, and TP-Link. Fortinet researchers observed a new Mirai-based DDoS botnet, tracked as IZ1H9, that added thirteen new payloads to target routers from multiple vendors, including D-Link, Zyxel, TP-Link, and TOTOLINK. The experts observed a surge in botnet […]

Pierluigi Paganini June 22, 2023
New Mirai botnet targets tens of flaws in popular IoT devices

Since March 2023, Unit 42 researchers have observed a variant of the Mirai botnet spreading by targeting tens of flaws in D-Link, Zyxel, and Netgear devices. Since March 2023, researchers at Palo Alto Networks Unit 42 have observed a new variant of the Mirai botnet targeting multiple vulnerabilities in popular IoT devices. Below is the […]

Pierluigi Paganini April 25, 2023
A new Mirai botnet variant targets TP-Link Archer A21

Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer A21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8) in TP-Link Archer AX21 Wi-Fi routers. The CVE-2023-1389 flaw is an unauthenticated command injection vulnerability […]

Pierluigi Paganini February 16, 2023
Mirai V3G4 botnet exploits 13 flaws to target IoT devices

During the second half of 2022, a variant of the Mirai bot, tracked as V3G4, targeted IoT devices by exploiting tens of flaws. Palo Alto Networks Unit 42 researchers reported that a Mirai variant called V3G4 was attempting to exploit several flaws to infect IoT devices from July to December 2022.  Below is the list […]

Pierluigi Paganini August 05, 2022
New Linux botnet RapperBot brute-forces SSH servers

RapperBot is a new botnet employed in attacks since mid-June 2022 that targets Linux SSH servers with brute-force attacks. Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot which is active since mid-June 2022. The bot borrows a large portion of its code from the original Mirai botnet, but unlike other […]

Pierluigi Paganini June 28, 2022
ZuoRAT malware hijacks SOHO Routers to spy in the vitims

A new RAT dubbed ZuoRAT was employed in a campaign aimed at small office/home office (SOHO) routers in North American and Europe. Researchers from Black Lotus Labs, the threat intelligence division of Lumen Technologies, have discovered a new remote access trojan (RAT) called ZuoRAT, which targets small office/home office (SOHO) devices of remote workers during COVID-19 […]

Pierluigi Paganini April 09, 2022
A Mirai-based botnet is exploiting the Spring4Shell vulnerability

Experts warn of a Mirai-based botnet exploiting the recently discovered Spring4Shell vulnerability in attacks in the wild. Trend Micro Threat Research reported that the recently discovered Spring4Shell vulnerability (CVE-2022-22965) is actively exploited by a Mirai-based botnet. Researchers from Chinese cybersecurity firm Qihoo 360 first reported the exploitation of the Spring4Shell by a Mirai-based botnet in early April. […]

Pierluigi Paganini November 15, 2021
Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Cloudflare announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps). Cloudflare, Inc. is an American web infrastructure and website security company that provides content delivery network and DDoS mitigation services. The company announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked just below 2 terabytes per second (Tbps), which […]