People's Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations

Oct. 2, 2024, 1 p.m.

Description

PRC-linked cyber actors have compromised thousands of Internet-connected devices to create a botnet for malicious activities. Integrity Technology Group, a PRC-based company with government links, has controlled a botnet of over 260,000 devices since mid-2021. The botnet uses Mirai-based malware to hijack IoT devices and routers. Compromised devices span North America, South America, Europe, Africa, Southeast Asia and Australia. The actors may use the botnet to conceal identities for DDoS attacks or network compromises. Many affected devices are still vendor-supported. The botnet infrastructure allows registered users to manage and control victim devices, including sending DDoS and exploitation commands.

Date

Published: Oct. 2, 2024, 12:14 p.m.
Created: Oct. 2, 2024, 12:14 p.m.
Modified: Oct. 2, 2024, 1 p.m.

Attack Patterns

Mirai

Integrity Technology Group

T1110

T1016

T1082

T1083

T1595

T1210

T1498

T1499

T1204

T1562

T1190

T1133

T1078

T1068

T1059

CVE-2023-43478

CVE-2023-37582

CVE-2023-36542

CVE-2023-35885

CVE-2023-35843

CVE-2023-35081

CVE-2023-34960

CVE-2023-34598

CVE-2023-3368

CVE-2023-33510

CVE-2023-30799

CVE-2023-28365

CVE-2023-26469

CVE-2023-23333

CVE-2022-3590

CVE-2022-40881

CVE-2022-20707

CVE-2021-46422

CVE-2021-45511

CVE-2021-36260

CVE-2021-28799

CVE-2021-1473

CVE-2021-1472

CVE-2020-4450

CVE-2020-35391

CVE-2020-3451

CVE-2019-12168

CVE-2019-11829

CVE-2018-18852

CVE-2017-7876

CVE-2019-19824

CVE-2024-29269

CVE-2022-1388

CVE-2021-20090

CVE-2015-7450

CVE-2024-5217

CVE-2022-31814

CVE-2023-38035

CVE-2019-17621

CVE-2023-36844

CVE-2024-4577

CVE-2024-29973

CVE-2022-30525

CVE-2023-3519

CVE-2023-28771

CVE-2023-27997

CVE-2023-47218

CVE-2023-50386

CVE-2024-21762

CVE-2023-22527

CVE-2023-46604

CVE-2023-46747

CVE-2023-22515

CVE-2023-4166

CVE-2023-3852

CVE-2023-38646

CVE-2023-27524

CVE-2023-24229

CVE-2023-25690

CVE-2020-3452

CVE-2019-7256

CVE-2022-26134

CVE-2020-8515

CVE-2020-15415

CVE-2022-42475

CVE-2021-44228

Additional Information

Technology

Telecommunications

Government

British Indian Ocean Territory

Albania

South Africa

Hong Kong

Bangladesh

India

Lithuania

Australia

China

Netherlands

Poland

Spain

Italy

Canada

France

Germany

Romania

United Kingdom of Great Britain and Northern Ireland

United States of America