Industrial routers are being hit by zero-days from new Mirai botnets

Posted by:
Emma Walker
Mon, 13 Jan

Cybersecurity researchers from Qi’anxin XLab in China have discovered a new malicious botnet named “gayfemboy”. Based on the infamous Mirai malware, the botnet targets industrial routers and smart home devices using zero-day vulnerabilities, misconfigurations, and weak passwords. It exploits over 20 vulnerabilities, including a high-severity command injection vulnerability in Four-Faith industrial routers (CVE-2024-12856).

With approximately 15,000 active IP addresses located in the US, Turkey, Iran, China, and Russia, the botnet has been carrying out intense DDoS attacks since February 2023, with peak activity in October and November 2024, disrupting infrastructure worldwide. Major targets of the attacks include China, the US, the UK, Germany, and Singapore, across various industries.

In light of this, users are advised to remain vigilant for any signs of compromise on their ASUS routers, Huawei routers, Neterbit routers, LB-Link routers, PZT cameras, Kguard DVR, Lilin DVR, generic DVRs, Vimar smart home devices, and 5G/LTE devices with weak credentials or misconfigurations. The researchers emphasize the global impact of the attacks and the sophistication of the new Mirai variant, cautioning users to stay informed about potential risks to their devices.
