Cybercriminals used compromised IoT devices in order to launch massive DDoS attacks all around the world

Jul 6, 2021 12:49 GMT

The Mirai botnet is IoT malware that allowed cybercriminals to compromise over 300,000 devices. Routers, digital video recorders (DVRs), and wireless cameras are among the impacted devices, according to E Hacking News.

The malware scans for these types of devices and attempts to log in to them using default passwords. Once connected, it starts executing DDoS attacks against numerous websites, networks, and servers. Cybersecurity researchers have recently released information about a new variant, known as Mirai Ptea, that is derived from the original Mirai botnet.

In short, cybercriminals employed the malware to perform a distributed denial-of-service attack against a KGUARD DVR by exploiting a previously undiscovered vulnerability in the device. According to Netlab 360, a Chinese security group, the flaw was first discovered on March 23, 2021, prior to substantial botnet activity on June 22, 2021.

Infections caused by this malware have been detected in Asia, North America, South America, Europe, and some African countries. In terms of infection sources, the compromised IoT devices used to initiate attacks had IP addresses located in Korea, Brazil, and the United States.

To prevent further attacks, cybersecurity specialists did not release all of the malware's details

To prevent further attacks, cybersecurity researchers did not release all of the vulnerability's details. However, the researchers stated that KGUARD DVR firmware from before 2017 contained vulnerable code that permitted remote system command execution without authentication.

Furthermore, analysis of the Mirai Ptea malware sample revealed that the malware encrypts all sensitive resource information before contacting the C2 server. After this information is decoded, a connection is established between the C2 server and the malware-infected PC. Over that connection, the malware retrieves attack instructions, such as commands to initiate DDoS attacks.

Since it first appeared in 2016, a series of distributed denial-of-service (DDoS) attacks has been attributed to the Mirai botnet. Beginning on October 16, 2016, Dyn DNS users in Europe and North America were unable to access a variety of popular websites. Because the source code was released publicly, several Mirai variants have been developed since then, Mirai Ptea being one of them.