Alert: Mirai Botnet Targets Juniper Routers in Massive Credential Attack

Alert: Mirai Botnet Targets Juniper Routers in Massive Credential Attack

Juniper Networks Alerts Customers to Mirai Malware Targeting Session Smart Routers

A new security threat has emerged as Juniper Networks reports Mirai malware actively scanning for Session Smart routers with default credentials. The campaign, first detected on December 11, has already resulted in compromised devices being used in distributed denial-of-service (DDoS) attacks.

Key Findings:
– Malware specifically targets devices using factory-default login credentials
– Compromised routers are being weaponized for DDoS attacks
– Any router still using default passwords is considered at risk

Indicators of Compromise:
– Scanning activity on ports 23, 2323, 80, and 8080
– Multiple failed SSH login attempts
– Unexpected spikes in outbound traffic
– Irregular device behavior and reboots
– SSH connections from suspicious IP addresses

Security Recommendations:
1. Immediately change default credentials
2. Implement strong password policies
3. Keep firmware up to date
4. Monitor access logs
5. Enable automated security alerts
6. Deploy intrusion detection systems
7. Configure firewalls to restrict unauthorized access

Juniper emphasizes that infected devices must undergo complete reimaging before returning to service, as the extent of compromise cannot be determined. This alert follows several security incidents in 2023, including critical vulnerabilities in Juniper EX switches and SRX firewalls, highlighting the ongoing importance of network security vigilance.

Share This Article