Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices

Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second Tbps distributed denial-of-service DDoS attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October 29, 2024, targeting one of its...

New Mirai Variant Murdoc_Botnet Launches DDoS Attacks via IoT Exploits

This article explores the recent campaign of MurdocBotnet, a malware variant of Mirai targeting vulnerable AVTECH and Huawei…...

Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai

The Qualys Threat Research Unit has uncovered a large-scale, ongoing operation within the Mirai campaign, dubbed Murdoc Botnet. This variant exploits vulnerabilities targeting AVTECH Cameras and Huawei HG532 routers. It demonstrates enhanced capabilities, exploiting vulnerabilities to compromise...

Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers

Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities...

13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks

A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "takes advantage of misconfigured DNS records to pass email protection techniques,"...

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024

Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras...

New Research: Enhancing Botnet Detection with AI using LLMs and Similarity Search

As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security TLS encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control C2 traffic. These malicious actors often have identifiable characteristics...

Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service DDoS attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the...

Some weeks in security (December 16 – January 5)

During the holiday period on Malwarebytes Labs we covered: A day in the life of a privacy pro, with Ron de Jesus Lock and Code S05E26 Task scams surge by 400%, but what are they? 5 million payment card details stolen in painful reminder to monitor Christmas spending AI-generated malvertising "whi...

U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns

The U.S. Treasury Department's Office of Foreign Assets Control OFAC on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been publicly attributed...

FICORA, CAPSAICIN Botnets Exploit Old D-Link Router Flaws for DDoS Attacks

Mirai and Keksec botnet variants are exploiting critical vulnerabilities in D-Link routers. Learn about the impact, affected devices, and how to protect yourself from these attacks...

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Juniper Networks is warning that Session Smart Router SSR products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Sma...

Androxgh0st Botnet Targets IoT Devices, Exploiting 27 Vulnerabilities

Androxgh0st, a botnet targeting web servers since January 2024, is also deploying IoT-focused Mozi payloads, reveals CloudSEK’s latest research...

Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of maliciou...

Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

A threat actor named Matrix has been linked to a widespread distributed denial-of-service DDoS campaign that leverages vulnerabilities and misconfigurations in Internet of Things IoT devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for...

‘Matrix’ Hackers Deploy Massive New IoT Botnet for DDoS Attacks

Aqua Nautilus researchers have discovered a campaign powering a series of large-scale DDoS attacks launched by Matrix, which…...

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. "At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainl...

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent...

Androxgh0st Botnet Integrates Mozi, Expands Attacks on IoT Vulnerabilities

CloudSEK reports that the Androxgh0st botnet has integrated with the Mozi botnet and exploits a wide range of…...

IoT Devices in Password-Spraying Botnet

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in "highly evasive" password spraying. Not sure about the "highly evasive" part; the techniques seem basically what you get in a distributed password-guessing attack: "Any threat actor using the CovertNetwork-1658...