Industrial routers are being hit by zero-days from new Mirai botnets
Share:
A new botnet, based on the dreaded Mirai, is actively assimilating devices. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. A new malicious botnet was recently observed, spreading through zero-day vulnerabilities and assimilating industrial routers and smart home devices.
![[Orico MiniDock]](https://vanilla.futurecdn.net/cyclingnews/media/img/missing-image.svg)
Cybersecurity researchers from the Chinese outfit Qi’anxin XLab claim the botnet is based on Mirai, an infamous piece of malware that’s known to be behind some of the biggest and most devastating Distributed Denial of Service (DDoS) attacks. However, the new versions differ greatly from the original Mirai, as they abuse more than 20 vulnerabilities, and target weak Telnet passwords, as means of distribution and spreading. Some of the vulnerabilities have never been seen before, and don’t have CVEs assigned just yet. Among them are bugs in Neterbit routers, and Vimar smart home devices.
The researchers also observed CVE-2024-12856 being used to infect devices. This is a high-severity (7.2/10) command injection vulnerability found in Four-Faith industrial routers. The botnet is called “gayfemboy” and apparently counts roughly 15,000 active IP addresses located in the US, Turkey, Iran, China, and Russia. The botnet mostly targets these devices, so if you’re running any of them, be on the lookout for indicators of compromise.
