Security News

A prolific threat group known for deploying distributed denial-of-service and cryptomining attacks is running a new botnet that is built using the Linux-based Gafgyt source code along with some code from the Mirai botnet malware. Keksec is using the Enemybot malware as a classic botnet, rolling up compromised Internet of Things devices into a larger botnet that can be used to launch DDoS attacks.

There has been a land rush of sorts among threat groups trying to use the vulnerability discovered in the open-source Spring Framework last month, and now researchers at Trend Micro are saying it's being actively exploited to execute the Mirai botnet. The Mirai malware is a long-running threat that has been around since 2016 and is used to pull smaller networked and Internet of Things devices such as IP cameras and routers into a botnet that can then be used in such campaigns as distributed denial-of-service and phishing attacks.

The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS attacks. Spring4Shell is a critical remote code execution vulnerability tracked as CVE-2022-22965, affecting Spring Framework, a widely used enterprise-level Java app development platform.

The botnet known as Dark Mirai has been observed exploiting a new vulnerability on the TP-Link TL-WR840N EU V5, a popular inexpensive home router released in 2017. According to a report by researchers at Fortinet, who have been following Dark Mirai activity, the botnet added the particular RCE in its arsenal only two weeks after TP-Link released the firmware update.

Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday.The four security flaws were found in the Open Management Infrastructure software agent silently installed by Microsoft on more than half of all Azure instances.

A denial-of-service vulnerability affecting SDKs for Realtek chipsets used in 65 vendors' IoT devices has been incorporated into a son-of-Mirai botnet, according to new research. Warning that the vuln had been included in Dark.IoT's botnet "Less than a week" after it was publicly disclosed, Radware said: "This vulnerability was recently disclosed by IoT Inspectors Research Lab on August 16th and impacts IoT devices manufactured by 65 vendors relying on the Realtek chipsets and SDK.".

Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "Mirai ptea" that leverages an undisclosed vulnerability in digital video recorders provided by KGUARD to propagate and carry out distributed denial-of-service attacks. Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active exploitation attempts by the botnet on June 22, 2021.

Several variants of the Gafgyt Linux-based botnet malware family have incorporated code from the infamous Mirai botnet, researchers have discovered. Gafgyt is a botnet that was first uncovered in 2014.

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. Regardless of the flaws used to achieve successful exploitation, the attack chain involves the use of wget utility to download a shell script from the malware infrastructure that's then used to fetch Mirai binaries, a notorious malware that turns networked IoT devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks.

Over the past month, a variant of the Mirai botnet was observed targeting new security vulnerabilities within hours after they had been disclosed publicly, researchers with Palo Alto Networks reveal. What makes the variant tracked by Palo Alto Networks stand out in the crowd is the fact that, within a four-week timeframe, it started exploiting several vulnerabilities that have been disclosed this year.