Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways
2021-08-22 02:35

Mozi, a peer-to-peer botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE, according to new findings.

"Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks," researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT said in a technical write-up.

First documented by Netlab 360 in December 2019, Mozi has a history of infecting routers and digital video recorders in order to assemble them into an IoT botnet, which could be abused for launching distributed denial-of-service attacks, data exfiltration, and payload execution.

The botnet evolved from the source code of several known malware families such as Gafgyt, Mirai, and IoT Reaper.

Mozi spreads through weak and default telnet passwords as well as through unpatched IoT vulnerabilities. The malware communicates using a BitTorrent-like Distributed Hash Table (DHT) to record the contact information for other nodes in the botnet, the same mechanism used by file-sharing P2P clients.

An IBM X-Force analysis published in September 2020 noted that Mozi accounted for nearly 90% of the observed IoT network traffic from October 2019 through June 2020, indicating that threat actors are increasingly taking advantage of the expanding attack surface offered by IoT devices.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/aCw0kPVCl50/mozi-iot-botnet-now-also-targets.html