Zero-Day Attacks: New Mirai Botnet Weaponizes Critical Flaws in Smart Home and Industrial Networks

New Sophisticated Mirai Botnet Exploits Zero-Day Vulnerabilities

A sophisticated Mirai-based botnet has emerged, targeting industrial routers and smart home devices through zero-day exploits. First detected in February 2023, the botnet has grown to approximately 15,000 daily active nodes, primarily affecting devices in China, the United States, Russia, Turkey, and Iran.

Key Features and Targets:
– Exploits over 20 vulnerabilities, including the recent CVE-2024-12856 affecting Four-Faith industrial routers
– Targets multiple device types:
  * Industrial and home routers (ASUS, Huawei, Neterbit, LB-Link)
  * DVR systems (Kguard, Lilin)
  * Smart home devices (Vimar)
  * 5G/LTE devices
  * PTZ cameras

Attack Characteristics:
– Short but intense DDoS attacks (10-30 seconds)
– Traffic volumes exceeding 100 Gbps
– Primary targets in China, US, Germany, UK, and Singapore
– Hundreds of daily attacks, peaking in October-November 2024

Technical Capabilities:
– Combines public and private exploits
– Includes a brute-force module for Telnet passwords
– Uses custom UPX packing
– Implements Mirai-based command structures

Protection Measures:
– Install latest device updates
– Disable unnecessary remote access
– Change default admin credentials
– Monitor for suspicious network activity
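
One concrete form of that monitoring follows from the Telnet brute-force module listed above: an infected device opens Telnet connections to many different hosts in a short time. The Python below is an added example, not code from the article or from the researchers who tracked the botnet. It flags that fan-out pattern in connection records; the record format, the port set (23 and 2323), the window and the threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

TELNET_PORTS = {23, 2323}   # assumption: ports treated as Telnet
WINDOW_SECONDS = 60         # assumption: sliding window length
FANOUT_THRESHOLD = 5        # assumption: distinct destinations that raise an alert

# Constructed sample records: "<epoch> <src_ip> <dst_ip> <dst_port>"
SAMPLE_FLOWS = """\
1700000000 192.168.1.50 203.0.113.10 23
1700000002 192.168.1.50 203.0.113.11 23
1700000003 192.168.1.50 203.0.113.12 2323
1700000005 192.168.1.50 203.0.113.13 23
1700000007 192.168.1.50 203.0.113.14 23
1700000009 192.168.1.50 203.0.113.15 2323
1700000010 192.168.1.20 192.168.1.1 23
1700000020 192.168.1.20 192.168.1.1 23
1700000000 192.168.1.30 198.51.100.1 23
1700000100 192.168.1.30 198.51.100.2 23
1700000200 192.168.1.30 198.51.100.3 23
1700000300 192.168.1.30 198.51.100.4 23
1700000400 192.168.1.30 198.51.100.5 23
1700000011 192.168.1.50 198.51.100.80 443
truncated line
"""

def parse_flows(text):
    """Yield (ts, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield int(ts), src, dst, int(port)
        except ValueError:
            continue  # wrong field count or non-numeric field

def find_telnet_fanout(flows, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src: peak distinct Telnet destinations in one window} for flagged sources."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    flagged = {}
    for ts, src, dst, port in sorted(flows):
        if port not in TELNET_PORTS:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged
```

On the sample, only 192.168.1.50 is flagged: the host that repeatedly reaches one router over Telnet and the host whose five destinations are spread over several minutes both stay under the threshold.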

The botnet’s ability to leverage zero-day exploits and maintain high infection rates across diverse devices makes it a significant threat to global network infrastructure.
