Tag: botnet
-
Mirai Botnet Spinoffs Unleash Global Wave of DDoS Attacks
Two separate campaigns are targeting flaws in various IoT devices globally, with the goal of compromising them and propagating malware worldwide. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/mirai-botnet-spinoffs-global-wave-ddos-attacks
-
Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet.The ongoing activity “demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks,” Qualys security researcher Shilpesh First seen on…
-
New Mirai Variant Targets Flaws in Cameras and Routers
Murdoc Botnet Uses Over 100 Distinct C2 Servers to Manage Infected Devices. A new variant of the Mirai malware is exploiting vulnerabilities in cameras and routers to infiltrate devices, download payloads and integrate them into an expanding botnet. Qualys tracked over 1,300 active internet protocol addresses linked to the Murdoc Botnet since its emergence in…
-
New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers
Researchers warn of a campaign exploiting AVTECH IP cameras and Huawei HG532 routers to create a Mirai botnet variant called Murdoc Botnet. Murdoc Botnet is a new Mirai botnet variant that targets vulnerabilities in AVTECH IP cameras and Huawei HG532 routers, the Qualys Threat Research Unit reported. The botnet has been active since at least…
-
Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers
Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc_Botnet.The ongoing activity “demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks,” Qualys security researcher Shilpesh First seen on thehackernews.com…
-
13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices.The activity “take[s] advantage of misconfigured DNS records to pass email protection techniques,” Infoblox security researcher David Brunsdon said in a technical report…
-
New IoT Botnet Launching Large-Scale DDoS attacks Hijacking IoT Devices
Large-scale DDoS attack commands sent from an IoT botnet’s C&C server targeting Japan and other countries since late 2024. These commands targeted various companies, which include major Japanese corporations and banks. While a direct link cannot be confirmed, some targeted organizations reported temporary connection and network disruptions during this period that coincided with the observed…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 28
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Finding Malware: Unveiling PLAYFULGHOST with Google Security Operations Scam Sniffer 2024: Web3 Phishing Attacks Wallet Drainers Drain $494 Million EAGERBEE, with updated and novel components, targets the Middle East Gayfemboy: A Botnet Deliver Through a […]…
-
Breach Roundup: Finland Detains Tanker Tied to Cable Sabotage
Also, Alleged Gravy Analytics Breach Exposes Location Data. This week, a Russian tanker linked to cable sabotage detained in Finland, a claimed Gravy Analytics breach exposed location data, a Mirai-based botnet exploited zero-day flaws, Dell updated framework flaws and a court sentenced a Florida woman for laundering millions in romance scams. First seen on govinfosecurity.com…
-
New Mirai botnet targets industrial routers
Tags: access, attack, botnet, cctv, china, credentials, cve, cybercrime, data, ddos, exploit, germany, network, password, remote-code-execution, router, russia, update, vulnerability, zero-dayAccording to security analysis, the Gayfemboy botnet, based on the notorious Mirai malware, is currently spreading around the world. Researchers from Chainxin X Lab found that cybercriminals have been using the botnet since November 2024 to attack previously unknown vulnerabilities. The botnet’s preferred targets include Four-Faith and Neterbit routers or smart home devices.Experts from VulnCheck reported at the end of…
-
Mirai Botnet Variant Exploits Zero-Day Vulnerabilities in Routers
Researchers observed the Gayfemboy botnet in early 2024 as a basic Mirai variant. Still, the botnet rapidly evolved through iterative development, including UPX polymorphic packing, integrating N-day vulnerabilities, and ultimately leveraging a 0-day vulnerability in Four-Faith industrial routers. By November 2024, Gayfemboy had infected over 15,000 devices, utilizing over 40 grouping categories for command and…
-
Industrial router zero-day leveraged by new Mirai-based botnet
First seen on scworld.com Jump to article: www.scworld.com/brief/industrial-router-zero-day-leveraged-by-new-mirai-based-botnet
-
Gayfemboy Botnet targets Four-Faith router vulnerability
Gayfemboy, a Mirai botnet variant, has been exploiting a flaw in Four-Faith industrial routers to launch DDoS attacks since November 2024. The Gayfemboy botnet was first identified in February 2024, it borrows the code from the basic Mirai variant and now integrates N-day and 0-day exploits. By November 2024, Gayfemboy exploited 0-day vulnerabilities in Four-Faith…
-
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks.The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States. First seen on…
-
New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices
A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mirai-botnet-zerodays-routers/
-
New Mirai botnet targets industrial routers with zero-day exploits
A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-mirai-botnet-targets-industrial-routers-with-zero-day-exploits/
-
Privacy Roundup: Week 1 of Year 2025
Tags: access, ai, android, apple, authentication, botnet, breach, browser, business, captcha, chrome, compliance, cve, cybersecurity, data, data-breach, detection, email, encryption, exploit, finance, firmware, flaw, google, group, hacker, healthcare, HIPAA, infrastructure, injection, Internet, law, leak, login, malware, open-source, password, phishing, privacy, router, service, software, threat, tool, update, virus, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 – 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things overlap; for…
-
US government sanctions Chinese cybersecurity company linked to APT group
The US Department of Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against a Beijing cybersecurity company for its role in attacks attributed to a Chinese cyberespionage group known as Flax Typhoon.The company, called Integrity Technology Group (Integrity Tech), is accused of providing the computer infrastructure that Flax Typhoon used in its operations…
-
U.S. sanctions take aim at Chinese company said to aid hackers’ massive botnet
A joint takedown operation last year sought to disrupt Flax Typhoon’s compromise of hundreds of thousands of devices. First seen on cyberscoop.com Jump to article: cyberscoop.com/treasury-sanctions-chinese-company-flax-typhoon/
-
US sanctions Chinese cyber firm linked to Flax Typhoon hacks
U.S. officials say the sanctioned Chinese firm provided botnet infrastructure for the China-backed hacking group Flax Typhoon First seen on techcrunch.com Jump to article: techcrunch.com/2025/01/03/us-sanctions-chinese-cyber-firm-linked-to-flax-typhoon-hacks/
-
US Sanctions Beijing Company for Flax Typhoon Hacking
Integrity Technology Group Built Botnet for Chinese Hackers, US Treasury Says. The Department of Treasury blacklisted Integrity Technology Group, declaring transactions with the company to be off-limits for U.S. financial institutions and persons. The effect will likely have more symbolic than actual disruptive effect. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/us-sanctions-beijing-company-for-flax-typhoon-hacking-a-27209
-
US Sanctions Chinese Cybersecurity Firm for Global Botnet Attacks
The US government said that China based firm Integrity Technology Group provided infrastructure for Flax Typhoon to attack multiple US targets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-sanctions-chinese-firm-botnet/
-
Malware botnets exploit outdated D-Link routers in recent attacks
Two botnets tracked as ‘Ficora’ and ‘Capsaicin’ have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malware-botnets-exploit-outdated-d-link-routers-in-recent-attacks/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 26
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript Analyzing Malicious Intent in Python Code: A Case Study DigiEver Fix That IoT Thing! Botnets Continue to Target Aging D-Link Vulnerabilities OtterCookie, […]…
-
FICORA, CAPSAICIN Botnets Exploit Old D-Link Router Flaws for DDoS Attacks
Mirai and Keksec botnet variants are exploiting critical vulnerabilities in D-Link routers. Learn about the impact, affected devices, and how to protect yourself from these attacks. First seen on hackread.com Jump to article: hackread.com/ficora-capsaicin-botnet-d-link-router-flaws-ddos-attacks/
-
Old D-Link flaws exploited in new botnet attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/old-d-link-flaws-exploited-in-new-botnet-attacks
-
D-Link Botnet Attacks Surge in Global Spike
Mirari and Kaiten Botnet Variants Exploit Unpatched Routers. Attackers exploiting nearly decade-old D-Link router vulnerabilities drove a sharp rise in botnet activity in 2024 through variants of the Mirari and Kaiten taking advantage of unpatched devices. Operators of botnets known as Ficora and Capsaicin exploit nearly decade-old flaws. First seen on govinfosecurity.com Jump to article:…
-
Experts warn of a surge in activity associated FICORA and Kaiten botnets
FortiGuard Labs observed increased activity from two botnets, the Mirai variant >>FICORA>CAPSAICINFICORA>CAPSAICIN,