- Chinese researchers discovered a Mirai variant with an offensive name
- It targets industrial routers and smart home devices with zero-day flaws, incorrect configurations, and poor passwords.
- About 15,000 active IP addresses were found
A new malicious botnet was recently observed spreading via zero-day vulnerabilities and hijacking industrial routers and smart home devices.
Cybersecurity researchers from the Chinese team Qi’anxin XLab claim that the botnet is based on Mirai, an infamous malware known to be behind some of the largest and most devastating distributed denial of service (DDoS) attacks.
However, the new variant differs greatly from the original Mirai: it abuses more than 20 vulnerabilities and brute-forces weak Telnet passwords to spread and propagate. Some of the vulnerabilities had never been seen before and do not yet have CVEs assigned, including bugs in Neterbit routers and Vimar smart home devices.
Intense attacks
The researchers also observed the use of CVE-2024-12856 to infect devices. This is a high severity (7.2/10) command injection vulnerability found in Four-Faith industrial routers.
The botnet is called “gayfemboy” and apparently has approximately 15,000 active IP addresses, located mainly in the US, Turkey, Iran, China and Russia. It primarily targets the following devices, so if you are running any of them, keep an eye out for indicators of compromise:
ASUS routers, Huawei routers, Neterbit routers, LB-Link routers, Four-Faith industrial routers, PZT cameras, Kguard DVRs, Lilin DVRs, generic DVRs, Vimar smart home devices, and various other 5G/LTE devices with incorrect configurations or weak credentials.
Whoever is behind this botnet is not wasting their time either. Since February last year it has been carrying out DDoS attacks, with activity peaking in October and November 2024. The targets are mainly located in China, the US, the UK, Germany and Singapore.
Attacks typically last between 10 and 30 seconds and are quite intense, exceeding 100 Gbps of traffic, which is enough to disrupt even the most robust infrastructure.
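The attack profile reported above (short runs of 10 to 30 seconds at more than 100 Gbps) is something a network defender can look for in their own traffic telemetry. The following is an added illustration, not code from the XLab report or the article: it scans a series of per-second traffic volumes for runs that match that profile. The function names and the sample series are assumptions constructed for the example, not real measurements.

```python
"""Flag short, high-volume traffic bursts in per-second volume samples.

Added illustration (not from the XLab report): the article describes attacks
that last 10-30 seconds and exceed 100 Gbps; this scans a constructed series of
per-second bit rates for runs that match that profile. The names and the
sample data below are assumptions, not real telemetry.
"""
from dataclasses import dataclass
from typing import List

GBPS = 1_000_000_000  # bits per second in one gigabit per second


@dataclass
class Burst:
    start_sec: int   # index of the first second above threshold
    end_sec: int     # index of the last second above threshold
    peak_bps: float  # highest per-second rate seen inside the run

    @property
    def duration(self) -> int:
        return self.end_sec - self.start_sec + 1


def find_bursts(bps_per_second: List[float],
                threshold_bps: float = 100 * GBPS,
                min_len: int = 10,
                max_len: int = 30) -> List[Burst]:
    """Return runs of consecutive seconds at or above threshold_bps whose
    length falls within [min_len, max_len] seconds (the profile in the article)."""
    bursts: List[Burst] = []
    run_start = None
    # A trailing zero sentinel guarantees that a run ending at the last sample is closed.
    for i, bps in enumerate(list(bps_per_second) + [0.0]):
        if bps >= threshold_bps:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            length = i - run_start
            if min_len <= length <= max_len:
                peak = max(bps_per_second[run_start:i])
                bursts.append(Burst(run_start, i - 1, peak))
            run_start = None
    return bursts


def build_sample_series() -> List[float]:
    """Constructed sample: 60 s at a 2 Gbps baseline with a 15 s flood at 150 Gbps
    starting at t=20 (assumed values, chosen to match the reported profile)."""
    series: List[float] = [2 * GBPS] * 60
    for t in range(20, 35):
        series[t] = 150 * GBPS
    return series


if __name__ == "__main__":
    for b in find_bursts(build_sample_series()):
        print(f"burst {b.start_sec}-{b.end_sec}s ({b.duration}s), "
              f"peak {b.peak_bps / GBPS:.0f} Gbps")
```

In practice the per-second series would come from flow exports or interface counters; the thresholds are parameters so they can be tuned to the link capacity being monitored rather than the figures quoted in the article.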
“The targets of the attacks are worldwide and distributed across various industries,” the researchers said. “The main objectives of the attacks are distributed in China, the United States, Germany, the United Kingdom and Singapore,” they concluded.
Via BleepingComputer