People's Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations

Oct. 2, 2024, 1 p.m.

Description

PRC-linked cyber actors have compromised thousands of Internet-connected devices to create a botnet for malicious activities. Integrity Technology Group, a PRC-based company with government links, has controlled a botnet of over 260,000 devices since mid-2021. The botnet uses Mirai-based malware to hijack IoT devices and routers. Compromised devices span North America, South America, Europe, Africa, Southeast Asia and Australia. The actors may use the botnet to conceal identities for DDoS attacks or network compromises. Many affected devices are still vendor-supported. The botnet infrastructure allows registered users to manage and control victim devices, including sending DDoS and exploitation commands.

External References

https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/0/CSA-PRC-LINKED-ACTORS-BOTNET.PDF

https://otx.alienvault.com/pulse/66fd391fe0318d98f8af0eb4

Date

Created: Oct. 2, 2024, 12:14 p.m.
Published: Oct. 2, 2024, 12:14 p.m.
Modified: Oct. 2, 2024, 1 p.m.

Indicators

37.9.35.91
222.186.48.204
222.186.48.201
208.85.16.100
45.80.215.153
92.38.185.47
92.38.185.46
92.38.185.44
92.38.185.43
92.38.176.156
91.216.190.80
91.216.190.74
91.216.190.247
91.216.190.2
91.216.190.154
89.44.198.254
89.44.198.195
89.44.198.200
85.90.216.69
85.90.216.115
85.90.216.116
85.90.216.112
78.141.238.97
5.45.184.68
85.90.216.111
5.181.27.6
5.181.27.219
5.181.27.19
45.80.215.47
5.181.27.21
45.80.215.156
45.80.215.155
45.80.215.154
45.80.215.152
45.80.215.151
45.80.215.150
45.77.231.209
45.135.117.136
45.135.117.131
45.13.199.96
45.13.199.84
45.13.199.140
45.13.199.207
45.10.58.132
45.10.58.130
45.10.58.129
37.61.229.17
37.61.229.15
23.236.68.229
23.236.68.193
23.236.68.213
207.148.68.131
207.148.122.69
195.234.62.198
195.234.62.192
195.234.62.197
195.234.62.19
195.234.62.188
195.234.62.184
195.234.62.18
155.138.151.225
155.138.133.56
149.248.51.22
139.180.137.219
92.38.185.45
85.90.216.110
65.20.97.251
45.80.215.149
45.13.199.45
45.13.199.152
45.13.199.104
45.10.58.133
23.236.69.82
23.236.69.110
23.236.68.161
45.92.70.71
45.92.70.68
45.92.70.115
45.92.70.113
45.92.70.112
45.92.70.111

zzzcmsq.w8510.com
zzxnjiq.w8510.com
zdzvbs.w8510.com
zdqqqqwe.w8510.com
zdpog.w8510.com
zdpoa.w8510.com
zdcawca.w8510.com
zdcacaw.w8510.com
zdazzz.w8510.com
zdaxcxzc.w8510.com
zdavva.w8510.com
zdaqwfasf.w8510.com
zdapoq.w8510.com
zdaqggh.w8510.com
zdapoi.w8510.com
zdaplm.w8510.com
zdafaa.w8510.com
zdamkl.w8510.com
zdaczxc1.w8510.com
zdaczsc.w8510.com
zdaczvs.w8510.com
zdaczcvs1.w8510.com
zdaczcaaw.w8510.com
zdacxdawdas.w8510.com
zdacx46.w8510.com
zdacwrf.w8510.com
zdacwaca.w8510.com
zdacvbzzs.w8510.com
zdacvb.w8510.com
zdacscswc.w8510.com
zdacppao.w8510.com
zdacccz.w8510.com
zdacawca.w8510.com
zdacasc.w8510.com
zdabnv.w8510.com
zdaasdafq.w8510.com
zdaaac.w8510.com
zda9ol.w8510.com
zda4g4.w8510.com
zda896.w8510.com
uqooapp.w8510.com
uuiyiyasd.w8510.com
testate.w8510.com
testateone.w8510.com
ssacawfafwa.w8510.com
qmmklou.w8510.com
qwertdvvaaz.w8510.com
qacassdfawemp.w8510.com
poooooiioasd.w8510.com
ppppoiiua.w8510.com
pojkkaka.w8510.com
plllkkoasdko.w8510.com
poiaqqrjk.w8510.com
oiuiasdads.w8510.com
mnbghjj.w8510.com
mmnajsdh.w8510.com
mmjkjiu.w8510.com
lkopiyut.w8510.com
lkljjhidjaiwd.w8510.com
iuyrdfvv.w8510.com
iyasdasfda.w8510.com
iiiiopasdfcasd.w8510.com
iikljhg.w8510.com
dvasrdftqgqg.w8510.com
dftiscasdwe.w8510.com
ccmmkmnkna.w8510.com
cpooooim.w8510.com
cccvbsdfsdf.w8510.com
ccccasdasdq.w8510.com
cccasdqawer.w8510.com
cansqra.w8510.com
canwtrow.w8510.com
asdvxzzxvza.w8510.com
w8510.com
acqv.w8510.com
zdacxzd.w8510.com
zdacasdc.w8510.com
zasdfgasd.w8510.com
wmllxwkg.w8510.com
tuisasdcxzd.w8510.com
ocmnusdjdik.w8510.com
mjiudwajhkf.w8510.com
lyblqwesfawe.w8510.com
kliscjaisdjhi.w8510.com
bzbatflwb.w8510.com
awbpxtpi.w8510.com
apdfhhjcxcb.w8510.com
aewreiuicajo.w8510.com

Download all indicators here!

Attack Patterns

Mirai

Integrity Technology Group

CVE-2023-43478
CVE-2023-37582
CVE-2023-36542
CVE-2023-35885
CVE-2023-35843
CVE-2023-35081
CVE-2023-34960
CVE-2023-34598
CVE-2023-3368
CVE-2023-33510
CVE-2023-30799
CVE-2023-28365
CVE-2023-26469
CVE-2023-23333
CVE-2022-3590
CVE-2022-40881
CVE-2022-20707
CVE-2021-46422
CVE-2021-45511
CVE-2021-36260
CVE-2021-28799
CVE-2021-1473
CVE-2021-1472
CVE-2020-4450
CVE-2020-35391
CVE-2020-3451
CVE-2019-12168
CVE-2019-11829
CVE-2018-18852
CVE-2017-7876
CVE-2019-19824
CVE-2024-29269
CVE-2022-1388
CVE-2021-20090
CVE-2015-7450
CVE-2024-5217
CVE-2022-31814
CVE-2023-38035
CVE-2019-17621
CVE-2023-36844
CVE-2024-4577
CVE-2024-29973
CVE-2022-30525
CVE-2023-3519
CVE-2023-28771
CVE-2023-27997
CVE-2023-47218
CVE-2023-50386
CVE-2024-21762
CVE-2023-22527
CVE-2023-46604
CVE-2023-46747
CVE-2023-22515
CVE-2023-4166
CVE-2023-3852
CVE-2023-38646
CVE-2023-27524
CVE-2023-24229
CVE-2023-25690
CVE-2020-3452
CVE-2019-7256
CVE-2022-26134
CVE-2020-8515
CVE-2020-15415
CVE-2022-42475
CVE-2021-44228

Additional Informations

Technology
Telecommunications
Government

British Indian Ocean Territory
Albania
South Africa
Hong Kong
Bangladesh
India
Lithuania
Australia
China
Netherlands
Poland
Spain
Italy
Canada
France
Germany
Romania
United Kingdom of Great Britain and Northern Ireland
United States of America

People's Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations

Description

External References

Tags

Date

Indicators

Attack Patterns

Additional Informations

Linked vulnerabilities

CVE-2015-7450

CVE-2017-7876

CVE-2018-18852

CVE-2019-11829

CVE-2019-12168

CVE-2019-17621

CVE-2019-19824

CVE-2019-7256

CVE-2020-15415

CVE-2020-3451

CVE-2020-3452

CVE-2020-35391

CVE-2020-4450

CVE-2020-8515

CVE-2021-1472

CVE-2021-1473

CVE-2021-20090

CVE-2021-28799

CVE-2021-36260

CVE-2021-44228

CVE-2021-45511

CVE-2021-46422

CVE-2022-1388

CVE-2022-20707

CVE-2022-26134

CVE-2022-30525

CVE-2022-31814

CVE-2022-3590

CVE-2022-40881

CVE-2022-42475

CVE-2023-22515

CVE-2023-22527

CVE-2023-23333

CVE-2023-24229

CVE-2023-25690

CVE-2023-26469

CVE-2023-27524

CVE-2023-27997

CVE-2023-28365

CVE-2023-28771

CVE-2023-30799

CVE-2023-33510

CVE-2023-3368

CVE-2023-34598

CVE-2023-34960

CVE-2023-35081

CVE-2023-3519

CVE-2023-35843

CVE-2023-35885

CVE-2023-36542

CVE-2023-36844

CVE-2023-37582

CVE-2023-38035

CVE-2023-3852

CVE-2023-38646

CVE-2023-4166

CVE-2023-43478

CVE-2023-46604

CVE-2023-46747

CVE-2023-47218

CVE-2023-50386

CVE-2024-21762

CVE-2024-29269

CVE-2024-29973

CVE-2024-4577

CVE-2024-5217

Share