A Mirai botnet variant tracked as IZ1H9 has updated its arsenal with 13 exploits targeting various routers, IP cameras, and other IoT devices.

A variant of the Mirai botnet has recently updated its arsenal of tools with 13 exploits targeting vulnerabilities in IoT devices from D-Link, TP-Link, Zyxel, and various other manufactures, Fortinet reports.

Tracked as IZ1H9 and first discovered in August 2018, this Mirai variant is one of the most active, exploiting unpatched vulnerabilities in IoT devices to ensnare them and abuse them in distributed denial-of-service (DDoS) attacks.

Following the addition of exploits for several new security bugs earlier this year, IZ1H9 has recently expanded its arsenal once again, now packing approximately 30 exploits for D-Link, Geutebruck, Korenix, Netis, Sunhillo, Totolink, TP-Link, Yealink, and Zyxel flaws.

Exploitation of these vulnerabilities peaked on September 6, when Fortinet saw thousands of attack attempts.

Of the newly added exploits, four target D-Link issues tracked as CVE-2015-1187, CVE-2016-20017, CVE-2020-25506, and CVE-2021-45382. These critical-severity flaws allow remote attackers to execute arbitrary code on affected devices.

According to Fortinet, eight other exploits target arbitrary command execution bugs impacting the firmware that UDP Technology supplies to Geutebruck and other OEMs for their IP cameras.

A new Mirai malware botnet variant has been spotted infecting inexpensive Android TV set-top boxes used by millions for media streaming. According to Dr. Web’s antivirus team, the current trojan is a new version of the ‘Pandora’
backdoor that first appeared in 2015.

The primary targets of this campaign are low-cost Android TV boxes like Tanix
TX6 TV Box, MX10 Pro 6K, and H96 MAX X3, which feature quad-core processors capable of launching powerful DDoS attacks even in small swarm sizes.

Since March 2023, Unit 42 researchers have observed threat actors leveraging several IoT vulnerabilities to spread a variant of the Mirai botnet.

The threat actors have the ability to gain complete control over the compromised devices, integrating those devices into the botnet. These devices are then used to execute additional attacks, including distributed denial-of-service (DDoS) attacks.

The widespread adoption of IoT devices has become a ubiquitous trend. However, the persistent security concerns surrounding these devices cannot be ignored.
The Mirai botnet, discovered back in 2016, is still active today. A significant part of the reason for its popularity among threat actors lies in the security flaws of IoT devices.

Their DDoS malware threatened the entire Internet

A Mirai botnet variant has launched a distributed denial-of-service (DDoS) attack that peaked at 2.5 terabytes per second (Tbps), according to Cloudflare, which described it as the largest attack it has seen in terms of bitrate.

The attack was aimed at a Minecraft server named Wynncraft and it involved UDP and TCP floods. However, the web security firm said it mitigated the attack, preventing it from causing any disruption to the game.

While this may have been a record-breaking attack for Cloudflare, Microsoft last year observed an attack that peaked at 3.47 Tbps and another that reached 3.25 Tbps.

Cloudflare this year also saw an attack reaching 26 million requests per second (RPS). The attack was noteworthy particularly for the fact that it was powered by a small botnet of only 5,000 devices. However, in terms of RPS, Google saw the biggest attack known to date, which peaked at 46 million RPS.

“The entire 2.5 Tbps attack lasted about 2 minutes, and the peak of the 26M rps attack only 15 seconds,” Cloudflare explained. “This emphasizes the need for automated, always-on solutions. Security teams can’t respond quick enough. By the time the security engineer looks at the PagerDuty notification on their phone, the attack has subsided.”