Industrial routers are being hit by zero-days from new Mirai botnets
- Chinese researchers discovered a variant of Mirai with an offensive name
- It targets industrial routers and smart home devices through zero-day flaws, misconfigurations and weak passwords
- About 15,000 active IP addresses were found
Recently, a new malicious botnet was spotted spreading via zero-day vulnerabilities and assimilating industrial routers and smart home devices.
Cybersecurity researchers from China’s Qi’anxin
However, the new variants are very different from the original Mirai: they exploit more than twenty vulnerabilities and target weak Telnet passwords as a means of spreading. Some of the vulnerabilities have never been seen before and have not yet been assigned CVEs. Among them are bugs in Neterbit routers and Vimar smart home devices.
Intense attacks
The researchers also saw that CVE-2024-12856 was used to infect devices. This is a high severity (7.2/10) command injection vulnerability found in industrial Four-Faith routers.
The botnet is called “gayfemboy” and apparently has about 15,000 active IP addresses in the US, Turkey, Iran, China and Russia. It mainly targets the following devices, so if you use one of them you should be on the lookout for indicators that it has been compromised:
ASUS routers, Huawei routers, Neterbit routers, LB-Link routers, Four-Faith industrial routers, PTZ cameras, Kguard DVRs, Lilin DVRs, generic DVRs, Vimar smart home devices and various other 5G/LTE devices with incorrect configurations or weak credentials.
Whoever is behind this botnet isn’t wasting their time either. Since February last year it has carried out several DDoS attacks, with peak activity recorded in October and November 2024. The targets are mainly in China, the US, the UK, Germany and Singapore.
The attacks typically last between 10 and 30 seconds and are quite intense, exceeding 100 Gbps of traffic, which can disrupt even the most robust infrastructures.
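The attack profile described above (short bursts of 10 to 30 seconds exceeding 100 Gbps) is something a defender can look for in per-second traffic counters. The following is an added example written for this page, not code from the article or from the Qi’anxin researchers; it assumes the input is a list of (timestamp in seconds, bytes seen that second) totals for one destination, and the sample counters it runs on are constructed inline rather than taken from real telemetry.

```python
"""Added example (not from the article): flag short, very high-volume traffic
bursts in per-second byte counters for a single destination.

Assumptions (not in the article): the input is a list of (second, bytes) totals;
the sample data below is constructed, not real telemetry.
"""
from dataclasses import dataclass

GBPS_THRESHOLD = 100.0  # article: attacks exceed 100 Gbps
MIN_BURST_S = 10        # article: attacks typically last 10 to 30 seconds
MAX_BURST_S = 30


@dataclass
class Burst:
    start: int        # first second above threshold
    end: int          # last second above threshold (inclusive)
    peak_gbps: float  # highest per-second rate seen in the run

    @property
    def duration(self) -> int:
        return self.end - self.start + 1

    @property
    def matches_profile(self) -> bool:
        """True when the burst length falls in the 10-30 s window from the article."""
        return MIN_BURST_S <= self.duration <= MAX_BURST_S


def gbps(byte_count: int) -> float:
    """Convert a one-second byte total to gigabits per second."""
    return byte_count * 8 / 1e9


def find_bursts(samples, threshold=GBPS_THRESHOLD):
    """Return every contiguous run of seconds whose rate exceeds threshold.

    Every run is reported (long floods still deserve an alert); the caller can
    use Burst.matches_profile to single out runs that fit the 10-30 s pattern.
    """
    bursts = []
    run = []  # (second, rate) pairs for the current above-threshold run

    def flush():
        if run:
            bursts.append(Burst(run[0][0], run[-1][0], max(r for _, r in run)))
            run.clear()

    for t, nbytes in sorted(samples):
        rate = gbps(nbytes)
        # Extend the run only if this second is above threshold and directly
        # follows the previous one; any gap ends the run.
        if rate > threshold and (not run or t == run[-1][0] + 1):
            run.append((t, rate))
        else:
            flush()
            if rate > threshold:
                run.append((t, rate))
    flush()
    return bursts


def sample_counters():
    """Constructed per-second byte totals (not real data): a 2 Gbps baseline with
    three above-threshold runs: 15 s at 120 Gbps (t=100..114), 5 s at 150 Gbps
    (t=200..204) and 40 s at 110 Gbps (t=300..339)."""
    baseline = 250_000_000  # 2 Gbps expressed as bytes per second
    counters = {t: baseline for t in range(0, 400)}
    for t in range(100, 115):
        counters[t] = 15_000_000_000  # 120 Gbps
    for t in range(200, 205):
        counters[t] = 18_750_000_000  # 150 Gbps
    for t in range(300, 340):
        counters[t] = 13_750_000_000  # 110 Gbps
    return list(counters.items())


if __name__ == "__main__":
    for b in find_bursts(sample_counters()):
        tag = "matches 10-30 s profile" if b.matches_profile else "outside profile"
        print(f"{b.start}-{b.end}s ({b.duration}s, peak {b.peak_gbps:.0f} Gbps): {tag}")
```

On the constructed input this reports three runs; only the 15-second one is tagged as matching the profile, while the 5-second spike and the 40-second flood are still listed so they are not silently dropped. The threshold and window are module constants so they can be tuned to the capacity of the link being monitored.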
“The targets of attacks are all over the world and spread across different industries,” the researchers said. “The main targets of the attacks are spread across China, the United States, Germany, the United Kingdom and Singapore,” they concluded.
Via BleepingComputer