Alert: Mirai Botnet Exploits Default Passwords in Massive Attack on Juniper SSR Networks

Alert: Mirai Botnet Exploits Default Passwords in Massive Attack on Juniper SSR Networks

Juniper Networks Issues Alert: SSR Products Targeted by Mirai Botnet

Juniper Networks has issued a critical security advisory regarding their Session Smart Router (SSR) products being targeted by the Mirai botnet malware. The campaign, discovered on December 11, 2024, specifically exploits systems using default passwords.

The affected Session Smart Network (SSN) platforms have been compromised and subsequently utilized as sources for DDoS attacks against other network-accessible devices. The Mirai malware, whose source code leaked in 2016, is known for scanning vulnerabilities and exploiting default credentials to create botnets for DDoS attacks.

Key Warning Signs:
– Unusual port scanning activity
– Multiple SSH login attempts
– Unexpected spikes in outbound traffic
– Random system reboots
– Connections from known malicious IPs

Recommended Security Measures:
1. Immediate password changes to strong, unique combinations
2. Regular access log audits
3. Firewall implementation
4. Consistent software updates

Juniper Networks emphasizes that infected systems require complete reimaging, as the extent of compromise cannot be fully determined. Coinciding with this threat, AhnLab Security Intelligence Center has identified a new DDoS malware called cShell, targeting vulnerable Linux servers with exposed SSH services. This Go-language malware exploits Linux tools screen and hping3 for DDoS attacks.

Share This Article