IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024

Jan. 20, 2025, 11:13 a.m.

Description

An IoT botnet has been orchestrating large-scale DDoS attacks globally since late 2024, targeting companies in Japan and other countries. The botnet, comprising Mirai and Bashlite variants, infects IoT devices by exploiting vulnerabilities and weak credentials. It uses various DDoS attack methods, can update malware, and enable proxy services. Attack targets are geographically dispersed, with a focus on North America and Europe. The primary infected devices are wireless routers and IP cameras from well-known brands. The botnet's infection process includes downloading and executing malware payloads that connect to C&C servers for attack commands. Different command usage patterns were observed between domestic and international targets, impacting various industry sectors.

External References

https://www.trendmicro.com/en_us/research/25/a/iot-botnet-linked-to-ddos-attacks.html
https://otx.alienvault.com/pulse/678a9ddd9271cf37285c152f
Tags
ddos
iot
botnet
mirai
bashlite
2025-01-17
ip cameras

Date

  • Created: Jan. 17, 2025, 6:13 p.m.
  • Published: Jan. 17, 2025, 6:13 p.m.
  • Modified: Jan. 20, 2025, 11:13 a.m.

Attack Patterns

  • Bashlite
  • Mirai

Additional Informations

  • Technology
  • Transportation
  • Finance
  • Telecommunications
  • British Indian Ocean Territory
  • South Africa
  • India
  • Poland
  • Japan
  • Bahrain
  • United States of America