Inside Water Barghest's Rapid Exploit-to-Market Strategy for IoT Devices
Nov. 18, 2024, 4:38 p.m.
Description
Water Barghest, a cybercriminal group, has built a highly automated pipeline for exploiting and monetizing IoT devices. Its botnet comprised over 20,000 devices as of October 2024. The group uses automated scripts to identify vulnerable IoT devices from public internet scan databases and then compromise them. Once a device is compromised, the Ngioweb malware is deployed; it runs in memory and connects to command-and-control servers. The entire process, from initial infection to listing the device on a residential proxy marketplace, can take as little as 10 minutes. Water Barghest targets a range of IoT devices from brands including Cisco, DrayTek, and Zyxel, using both n-day vulnerabilities and at least one zero-day exploit. This level of automation has allowed the group to maintain a low profile while generating steady income from its operations.
Date
Published: Nov. 18, 2024, 2:21 p.m.
Created: Nov. 18, 2024, 2:21 p.m.
Modified: Nov. 18, 2024, 4:38 p.m.
Indicators
f95342caa61e77174fe7653eea60909b9db0102c27a0641e25cdc053689110ab
f6d70464165e00de26127464a84919f20521aa4efbecfae41e75688f74436489
eddd909b49f2fef023a7b6188b2ae70bbf1e25e85f5e4c84c19cc25641f17175
e3344c598a984dc5dc8dc1d971da8dd9b7058c48288dc5ad063548fff61543a1
e2423e93b84284890a27e3796491049a22f6496b3830e20e808dff1c77560e3d
e0cdaaba90f061d31cfe0211fe207cb3971970a141d9d72f95c8a55c8d565cb1
c267e0bf3f1a0448e66427d5863d762af7cd6cc7ff812e6addcd4e54d9a46ac9
bfab45d715e0e090ea18849661ed3ed58bdd7310c54c4a14a607eee4cc742e33
be285b77211d1a33b7ae1665623a9526f58219e20a685b6548bc2d8e857b6b44
b9360f1434ce7ff45b3ca49ff7269293188a339747b03bcd395b71b1d179700f
b8385ce60ca6c69b7ea67fa93c7d5908809658e7d8a4fb9e003890b820979f53
a8f7eaf999eb6cc8461f785fad13da30315da80b534cae047c5811bbea3351e3
a8497257d78ea15088e0b9c68319a2c0ae8c651ed36780e9424effe97f440c0c
a79ff2cd7f47b11d9176c40f0e82ba9b378c463ff9dd6e3e907df9480c7a1547
a3317844f3d6b5b2440be896b84fd6aa4ee77a0f9b656b784b235e077b69715d
9fead901a3012825841cb6091f52e0a914944fbb1460c3ddb9d07213fbb7e30e
9fda16ad1d32f34c221d0e074a4ef13217eded63b5ff507452c4e2bbb57df3a4
9fb33a16762dce934e7a48946e396ad672ab16d42a060021238f2ddf6a9f0514
9f1fcfb2fcc66f4e534d3348b8d01eef0be1b153bc022ae7601ed3a0817aae88
9cb6c49173e4cb5a0b3c2f6d69a5bdc0bc67138329f00afaf38d678f2c0e00a6
97cadc2eba1eaa7a4115ea7cc82a6955bc69d8e2913b0b46f493f9cc84ec07de
892eb161254733cf5923313544e923fface375c27b3dcf8f66e79da84c93cf65
869965781d96a06741c2a28c54bb8e3233bc10fcb92455e6cb9ab0c9fc2c54d4
83cf89428e07a1a10b22958dca25f50a8a151bccfa01ee9bcce870303a4f9861
7bddb716c233211fa7332586e7d3e859814ec508108fa1024c4fb99aab843cdf
78a1b5bea50034e7a03e6ed5c0f4f80f1fbc770555891a73790e1b59a2fba608
74f4d77bf367063bccece2fb3796e6bd7a1f51528f58ed3f1450b7de6c29b5f4
743f7c495048d8983bbedc3d52ea00c914fe008b06ef01c1be2a78cd5c1375f3
710e0317de732f1bce32ed96d33468cb2b55e513106393b11bf7800081f1e681
6a3288b1d326290778544769ea7c1ed80af763ea47fee5131afef209a0e2d301
600c56a175f3661f434d1fe3418fb4cca96cdf6f880bd74a389e0d16d85ca501
5d89b09dfb7c09a3a42345a136293b469a71ef7a1f599102ad67c09dc4fc53bf
56657300f250fa9df77d6bc393bfc01d585d00bfb5302bf34314368fb13cbe26
5353228926aa96b546b33de4418f15e347441d16d292f4946beca6a0d314e635
4e8a36f467f1dab1b4768f67efd3712562699603839e38d93525c90989a4cf26
4af537b29c54f976801ee7688c4db78d4b4e7b9947769226afc108e4645cf20f
35f95fbb1b439a89cbd6e825188fb64fde44aef9829d549b4f547850552e095c
2e940e3bd88226cfbbfb7a2eefbdd675173fd2950847a9131e11c1682353e286
2bf2c10332f1d31e1b87e62ca2d7afc70f073c55474d7f03ff6c37caec28df4a
1fe1cece08fef19448a32a746f5c8f77521db757c2b345103834a5f617101f15
1748978997d9630c568f6c06ff0767ed8b0cfbf5c93612daf600adefecfba2e1
129693d8c474a8de8f91e1d16e0129732aba20bea9ac24e7c68b345b7b05ad6f
05cd00f975bd2522d943e836ef5a1cb00806c6d684987274da850be348b2b1f4
db1f96b20679f9fb9cbd96b242ab8530102c0105b64c83c3ae544f87594a6fa9
c91795b59248562e44d6c07526c7ab89dfe45344293703a94a3ae5ff02eab5a4
remalexation.name
recepatission.info
prekudinish.com
prenurevaty.info
monobimefist.com
misukumotist.info
inoluvary.com
exagenafy.com
enidecikive.net
disimunous.com
antigutation.info
underuvukent.com
subonuker.name
ultradomafy.net
semiridinution-postepudency.com
minixetepate.biz
promexucate.com
macrofocafify.org
interocakate.com
emelenalike.com
antihicipate.com
Attack Patterns
ngioweb
Water Barghest
T1571
T1497
T1070
T1205
T1132
T1027
T1584
T1562
T1190
T1133