Mirai Variant V3G4 Targets 13 IoT Vulnerabilities
February 16, 2023
A recent variant of the Mirai malware, V3G4, has been observed targeting 13 Internet of Things (IoT) vulnerabilities to ensnare devices into a botnet. Starting in July 2022, the malware was used in multiple attack campaigns, likely by the same threat actor, based on the hardcoded command-and-control (C&C) domains, malware downloaders, XOR decryption key, identical functions, and ‘stop list’ they used. The targeted vulnerabilities, which include CVE-2012-4869, CVE-2014-9727, CVE-2017-5173, CVE-2019-15107, CVE-2020-15415, CVE-2020-8515, CVE-2022-26134, CVE-2022-36267, and CVE-2022-4257, have lower attack complexity than those targeted by previously observed variants, but still carry a critical security impact that can lead to remote code execution.
As Palo Alto Networks notes: “Once the attacker gains control of a vulnerable device in this manner, they could take advantage by including the newly compromised devices in their botnet to conduct further attacks such as DDoS.” To protect against such threats, organizations are advised to ensure that all devices in their environments are patched against known vulnerabilities, that they are protected with strong, unique passwords, and that unused ports and services, which are often targeted by cybercriminals, are either blocked or not accessible from the internet.