New Mirai botnet targeting industrial routers with zero day exploits

A new Mirai-based botnet that targets industrial routers has emerged. This botnet, discovered in February last year, has been growing in sophistication and now leverages previously unknown vulnerabilities, according to researchers at Chainxin X Lab.

One of the key security issues is CVE-2024-12856, a vulnerability in Four-Faith industrial routers. Although this flaw was only discovered in late December, exploitation attempts were already being observed around December 20. The botnet also uses custom exploits for unknown vulnerabilities in Neterbit routers and Vimar smart home devices.

Currently, the botnet has 15,000 daily active bot nodes, primarily in China, the United States, Russia, Turkey, and Iran. Its main objective appears to be carrying out DDoS attacks on specified targets for profit. It targets hundreds of entities daily, with activity peaking in October and November 2024.

The malware uses a mix of public and private exploits for more than 20 vulnerabilities to spread to internet-exposed devices. It targets DVRs, industrial and home routers, and smart home devices, including ASUS and Huawei routers, LB-Link routers, PZT cameras, Kguard DVR, Lilin DVR, and various 5G/LTE devices.

The botnet also features a brute-forcing module for weak Telnet passwords, uses custom UPX packing with unique signatures, and implements Mirai-based command structures for updating clients, scanning networks, and conducting DDoS attacks.

X Lab reports that the botnet's DDoS attacks are short in duration, lasting between 10 and 30 seconds, but high in intensity, exceeding 100 Gbps of traffic, which can disrupt even well-provisioned infrastructure.
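Bursts of 10 to 30 seconds mean detection has to fire within the first few seconds of an attack rather than after a minute-long average. The following Python is an added illustration, not code from X Lab, FastNetMon or the report: it aggregates constructed per-second flow records by destination and flags any destination that sustains more than 100 Gbps for a few consecutive seconds. The addresses, rates and thresholds are assumed sample values.

```python
from collections import defaultdict

GBIT = 1e9

def build_sample_traffic():
    """Constructed flow-style records: (unix_second, destination, bytes in that second).
    Baseline is a few Gbps; seconds 1000-1019 carry a 20-second burst on 198.51.100.7."""
    records = []
    for sec in range(990, 1040):
        records.append((sec, "198.51.100.7", int(4 * GBIT / 8)))    # ~4 Gbps baseline
        records.append((sec, "198.51.100.8", int(2 * GBIT / 8)))    # second, quiet target
        if 1000 <= sec < 1020:
            records.append((sec, "198.51.100.7", int(116 * GBIT / 8)))  # burst adds 116 Gbps
    return records

def per_second_gbps(records):
    """Sum bytes per (destination, second) and convert to Gbps."""
    totals = defaultdict(int)
    for sec, dst, nbytes in records:
        totals[(dst, sec)] += nbytes
    return {key: total * 8 / GBIT for key, total in totals.items()}

def detect_bursts(records, threshold_gbps=100.0, min_seconds=3):
    """Return contiguous runs of seconds in which a destination exceeds threshold_gbps.
    min_seconds suppresses single-sample spikes but stays far below a 10-30 s attack,
    so a real burst is reported a few seconds after it starts."""
    by_dst = defaultdict(list)
    for (dst, sec), gbps in per_second_gbps(records).items():
        by_dst[dst].append((sec, gbps))
    bursts = []
    for dst, series in by_dst.items():
        series.sort()
        run = []
        for sec, gbps in series + [(None, 0.0)]:   # sentinel flushes the final run
            if gbps > threshold_gbps and (not run or sec == run[-1][0] + 1):
                run.append((sec, gbps))
                continue
            if len(run) >= min_seconds:
                bursts.append({"dst": dst, "start": run[0][0], "end": run[-1][0],
                               "duration_s": run[-1][0] - run[0][0] + 1,
                               "peak_gbps": max(g for _, g in run)})
            run = [(sec, gbps)] if gbps > threshold_gbps else []
    return bursts

if __name__ == "__main__":
    for burst in detect_bursts(build_sample_traffic()):
        print(burst)
```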

To protect their devices, users are advised to install the latest device updates from the vendor, disable remote access if not needed, and change the default admin account credentials.


About FastNetMon

FastNetMon delivers versatile DDoS detection software for companies at any scale. With extensive experience in the telecom, mobile, and cloud computing industries, we take pride in preventing DDoS attacks and protecting our customers’ networks to the highest standard. 