- ShadowV2, a Mirai-based cloud-native botnet, briefly appeared during an AWS outage.
- It targeted IoT devices via multi-vendor vulnerabilities, likely as a test.
- ShadowV2, found in more than 20 countries, may return, echoing Mirai’s disruptive DDoS legacy.
Another botnet built on the foundations of the infamous Mirai has recently been detected in the wild, but only briefly, suggesting it could be preparing for a major attack.
Security researchers at FortiGuard Labs claim to have seen a new botnet called ShadowV2 that was active only during the recent AWS outage, meaning it was “alive” for no more than 15 hours.
During that time, it targeted multiple vulnerabilities from multiple manufacturers (DD-WRT, D-Link, DigiEver, TBK, and TP-Link) and created a network of assimilated routers, Wi-Fi access points, NAS boxes, DVRs, network video recorders, and similar Internet of Things (IoT) hardware.
Mirai Evolution
The botnet could have been used in the same way Mirai was used: to launch distributed denial of service (DDoS) attacks, scan the Internet for vulnerable devices, brute-force their credentials, infect them, and use them for further spread.
FortiGuard Labs believes that its appearance only served as a “test” and that the botnet will likely return in the future.
ShadowV2 is a cloud-native botnet that previously only targeted AWS EC2 instances. However, it has since evolved to target multiple industries, including technology, retail, hospitality, government, telecommunications, and more. It was found in more than two dozen countries around the world, including Canada, the United States, the United Kingdom, China, Russia, Saudi Arabia, and many others.
So far, it is not known how many devices are infected with ShadowV2, or if the botnet is growing at this time. We know that it is mainly designed for IoT devices.
Shortly after the ShadowV2 test, Azure suffered the “largest cloud-based DDoS attack to date,” carried out by the Aisuru botnet, which is also considered a “descendant” of Mirai and is sometimes described as “Turbo Mirai.”
Mirai is often referred to as a “breakthrough IoT malware” that became famous for creating some of the largest and most disruptive botnets in history, taking important websites and Internet infrastructure offline around the world.
Through The Registry