People's Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations
Oct. 2, 2024, 1 p.m.
Description
PRC-linked cyber actors have compromised thousands of Internet-connected devices to build a botnet used for malicious activity. Integrity Technology Group, a PRC-based company with government links, has controlled and managed the botnet since mid-2021; it has grown to more than 260,000 devices. The botnet spreads Mirai-based malware that hijacks IoT devices and routers, and compromised devices have been observed in North America, South America, Europe, Africa, Southeast Asia and Australia. The actors may use the botnet to obscure their identity when conducting DDoS attacks or compromising targeted networks. Many of the affected devices are still vendor-supported. The botnet's management infrastructure lets registered users view and control victim devices, including issuing DDoS and exploitation commands.
Date
Published: Oct. 2, 2024, 12:14 p.m.
Created: Oct. 2, 2024, 12:14 p.m.
Modified: Oct. 2, 2024, 1 p.m.
Indicators
37.9.35.91
222.186.48.204
222.186.48.201
208.85.16.100
45.80.215.153
92.38.185.47
92.38.185.46
92.38.185.44
92.38.185.43
92.38.176.156
91.216.190.80
91.216.190.74
91.216.190.247
91.216.190.2
91.216.190.154
89.44.198.254
89.44.198.195
89.44.198.200
85.90.216.69
85.90.216.115
85.90.216.116
85.90.216.112
78.141.238.97
5.45.184.68
85.90.216.111
5.181.27.6
5.181.27.219
5.181.27.19
45.80.215.47
5.181.27.21
45.80.215.156
45.80.215.155
45.80.215.154
45.80.215.152
45.80.215.151
45.80.215.150
45.77.231.209
45.135.117.136
45.135.117.131
45.13.199.96
45.13.199.84
45.13.199.140
45.13.199.207
45.10.58.132
45.10.58.130
45.10.58.129
37.61.229.17
37.61.229.15
23.236.68.229
23.236.68.193
23.236.68.213
207.148.68.131
207.148.122.69
195.234.62.198
195.234.62.192
195.234.62.197
195.234.62.19
195.234.62.188
195.234.62.184
195.234.62.18
155.138.151.225
155.138.133.56
149.248.51.22
139.180.137.219
92.38.185.45
85.90.216.110
65.20.97.251
45.80.215.149
45.13.199.45
45.13.199.152
45.13.199.104
45.10.58.133
23.236.69.82
23.236.69.110
23.236.68.161
45.92.70.71
45.92.70.68
45.92.70.115
45.92.70.113
45.92.70.112
45.92.70.111
zzzcmsq.w8510.com
zzxnjiq.w8510.com
zdzvbs.w8510.com
zdqqqqwe.w8510.com
zdpog.w8510.com
zdpoa.w8510.com
zdcawca.w8510.com
zdcacaw.w8510.com
zdazzz.w8510.com
zdaxcxzc.w8510.com
zdavva.w8510.com
zdaqwfasf.w8510.com
zdapoq.w8510.com
zdaqggh.w8510.com
zdapoi.w8510.com
zdaplm.w8510.com
zdafaa.w8510.com
zdamkl.w8510.com
zdaczxc1.w8510.com
zdaczsc.w8510.com
zdaczvs.w8510.com
zdaczcvs1.w8510.com
zdaczcaaw.w8510.com
zdacxdawdas.w8510.com
zdacx46.w8510.com
zdacwrf.w8510.com
zdacwaca.w8510.com
zdacvbzzs.w8510.com
zdacvb.w8510.com
zdacscswc.w8510.com
zdacppao.w8510.com
zdacccz.w8510.com
zdacawca.w8510.com
zdacasc.w8510.com
zdabnv.w8510.com
zdaasdafq.w8510.com
zdaaac.w8510.com
zda9ol.w8510.com
zda4g4.w8510.com
zda896.w8510.com
uqooapp.w8510.com
uuiyiyasd.w8510.com
testate.w8510.com
testateone.w8510.com
ssacawfafwa.w8510.com
qmmklou.w8510.com
qwertdvvaaz.w8510.com
qacassdfawemp.w8510.com
poooooiioasd.w8510.com
ppppoiiua.w8510.com
pojkkaka.w8510.com
plllkkoasdko.w8510.com
poiaqqrjk.w8510.com
oiuiasdads.w8510.com
mnbghjj.w8510.com
mmnajsdh.w8510.com
mmjkjiu.w8510.com
lkopiyut.w8510.com
lkljjhidjaiwd.w8510.com
iuyrdfvv.w8510.com
iyasdasfda.w8510.com
iiiiopasdfcasd.w8510.com
iikljhg.w8510.com
dvasrdftqgqg.w8510.com
dftiscasdwe.w8510.com
ccmmkmnkna.w8510.com
cpooooim.w8510.com
cccvbsdfsdf.w8510.com
ccccasdasdq.w8510.com
cccasdqawer.w8510.com
cansqra.w8510.com
canwtrow.w8510.com
asdvxzzxvza.w8510.com
w8510.com
acqv.w8510.com
zdacxzd.w8510.com
zdacasdc.w8510.com
zasdfgasd.w8510.com
wmllxwkg.w8510.com
tuisasdcxzd.w8510.com
ocmnusdjdik.w8510.com
mjiudwajhkf.w8510.com
lyblqwesfawe.w8510.com
kliscjaisdjhi.w8510.com
bzbatflwb.w8510.com
awbpxtpi.w8510.com
apdfhhjcxcb.w8510.com
aewreiuicajo.w8510.com
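A practical use of the indicator list above is an offline sweep of firewall and DNS resolver logs. The script below is an added example, not code from the advisory or from this feed. It embeds a small constructed subset of the page's IPv4 and domain indicators (the full list should be pasted into IOC_IPS and IOC_DOMAINS for a real sweep) together with constructed sample log lines. Because the apex domain w8510.com is itself an indicator, the matcher treats any subdomain of it as a hit, while rejecting look-alikes such as evil-w8510.com that a naive substring match would flag; IPv4 candidates are validated with the standard library before comparison.

```python
"""IOC sweep over connection/DNS log lines (added example, not from the advisory).

The indicator subset and the sample log lines are constructed for illustration;
paste the full Indicators list from this page into IOC_IPS / IOC_DOMAINS.
"""
import ipaddress
import re

# Constructed subset of the IPv4 indicators listed on this page.
IOC_IPS = {
    "37.9.35.91", "222.186.48.204", "45.80.215.153", "92.38.185.47",
    "5.181.27.6", "195.234.62.198", "45.92.70.71",
}

# Constructed subset of the domain indicators. The apex w8510.com is listed on
# the page, so every subdomain of it is treated as a hit even if not enumerated.
IOC_DOMAINS = {
    "w8510.com", "zzzcmsq.w8510.com", "testate.w8510.com", "acqv.w8510.com",
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hostnames: dotted labels ending in an alphabetic TLD (so IPv4 literals do not match).
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def domain_matches(host, iocs=IOC_DOMAINS):
    """True if host equals an indicator or is a subdomain of one.

    Suffix matching requires the leading dot, so 'evil-w8510.com' is NOT a hit.
    """
    host = host.lower().rstrip(".")
    for ioc in iocs:
        ioc = ioc.lower()
        if host == ioc or host.endswith("." + ioc):
            return True
    return False


def ip_matches(addr, iocs=IOC_IPS):
    """Exact IPv4 match; malformed candidates such as 999.1.1.1 are rejected."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return False
    return str(ip) in iocs


def scan_line(line):
    """Return a list of (kind, value) tuples for every indicator found in a log line."""
    hits = []
    for candidate in IPV4_RE.findall(line):
        if ip_matches(candidate):
            hits.append(("ip", candidate))
    for candidate in HOST_RE.findall(line):
        if domain_matches(candidate):
            hits.append(("domain", candidate.lower()))
    return hits


def sweep(lines):
    """Return (line_number, line, hits) for each line carrying at least one indicator."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = scan_line(line)
        if hits:
            results.append((number, line, hits))
    return results


# Constructed sample log lines (hypothetical firewall and DNS resolver formats).
SAMPLE_LOGS = [
    "2024-09-20T10:01:12Z fw allow src=10.0.0.5 dst=37.9.35.91 dport=443",
    "2024-09-20T10:01:13Z dns query=zdpog.w8510.com type=A client=10.0.0.7",
    "2024-09-20T10:01:14Z dns query=updates.example.com type=A client=10.0.0.7",
    "2024-09-20T10:01:15Z fw allow src=10.0.0.9 dst=8.8.8.8 dport=53",
    "2024-09-20T10:01:16Z dns query=newsub.W8510.COM type=A client=10.0.0.8",
]

if __name__ == "__main__":
    for number, line, hits in sweep(SAMPLE_LOGS):
        print(f"line {number}: {hits}\n  {line}")
```

Lines 1, 2 and 5 of the sample are reported: a direct connection to a listed IP, a query for a listed subdomain, and a query for an unlisted subdomain of the apex indicator. For internal hosts that resolve or connect to these indicators, the advisory's context (Mirai-based malware on routers and IoT devices) suggests treating the source device as compromised rather than merely blocking the destination.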
Attack Patterns
Mirai
Integrity Technology Group
T1110
T1016
T1082
T1083
T1595
T1210
T1498
T1499
T1204
T1562
T1190
T1133
T1078
T1068
T1059
CVE-2023-43478
CVE-2023-37582
CVE-2023-36542
CVE-2023-35885
CVE-2023-35843
CVE-2023-35081
CVE-2023-34960
CVE-2023-34598
CVE-2023-3368
CVE-2023-33510
CVE-2023-30799
CVE-2023-28365
CVE-2023-26469
CVE-2023-23333
CVE-2022-3590
CVE-2022-40881
CVE-2022-20707
CVE-2021-46422
CVE-2021-45511
CVE-2021-36260
CVE-2021-28799
CVE-2021-1473
CVE-2021-1472
CVE-2020-4450
CVE-2020-35391
CVE-2020-3451
CVE-2019-12168
CVE-2019-11829
CVE-2018-18852
CVE-2017-7876
CVE-2019-19824
CVE-2024-29269
CVE-2022-1388
CVE-2021-20090
CVE-2015-7450
CVE-2024-5217
CVE-2022-31814
CVE-2023-38035
CVE-2019-17621
CVE-2023-36844
CVE-2024-4577
CVE-2024-29973
CVE-2022-30525
CVE-2023-3519
CVE-2023-28771
CVE-2023-27997
CVE-2023-47218
CVE-2023-50386
CVE-2024-21762
CVE-2023-22527
CVE-2023-46604
CVE-2023-46747
CVE-2023-22515
CVE-2023-4166
CVE-2023-3852
CVE-2023-38646
CVE-2023-27524
CVE-2023-24229
CVE-2023-25690
CVE-2020-3452
CVE-2019-7256
CVE-2022-26134
CVE-2020-8515
CVE-2020-15415
CVE-2022-42475
CVE-2021-44228
Additional Information
Technology
Telecommunications
Government
British Indian Ocean Territory
Albania
South Africa
Hong Kong
Bangladesh
India
Lithuania
Australia
China
Netherlands
Poland
Spain
Italy
Canada
France
Germany
Romania
United Kingdom of Great Britain and Northern Ireland
United States of America