The Microsoft Defender for IoT research team recently examined 'MCCrash', a cross-platform botnet that starts out from malicious software downloads on Windows devices and spreads to a range of Linux-based devices.

The botnet spreads by obtaining the default credentials on Secure Shell (SSH)-capable devices that are open to the internet. IoT devices in particular may be vulnerable to attacks like this one, as they frequently have remote configuration enabled with potentially unsafe settings.
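
A defender-side check for the spreading method described above, as an added example that is not part of the original article: it scans OpenSSH password-authentication log lines for a source IP that fails logins across several accounts and is then accepted with a password. The sample log, host name, users, IP addresses and both thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# OpenSSH sshd log messages for password authentication results.
LINE_RE = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample auth log (documentation IP ranges, made-up host and users).
SAMPLE_LOG = """\
Dec 15 10:00:01 cam01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 15 10:00:03 cam01 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Dec 15 10:00:05 cam01 sshd[815]: Failed password for invalid user ubnt from 203.0.113.7 port 40131 ssh2
Dec 15 10:00:08 cam01 sshd[817]: Accepted password for pi from 203.0.113.7 port 40140 ssh2
Dec 15 10:05:00 cam01 sshd[901]: Failed password for ops from 198.51.100.20 port 50200 ssh2
Dec 15 10:05:09 cam01 sshd[903]: Accepted password for ops from 198.51.100.20 port 50211 ssh2
Dec 15 10:07:00 cam01 sshd[950]: Accepted publickey for ops from 198.51.100.20 port 50300 ssh2
"""

def find_credential_guessing(log_text, min_failures=3, min_users=2):
    """Return alerts for source IPs that fail logins across several accounts
    and are then accepted with a password (a guess that worked).
    The thresholds are assumed starting values, not taken from the article."""
    failures = defaultdict(list)  # ip -> usernames that failed since last success
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # publickey logins and unrelated lines are ignored
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip].append(user)
            continue
        tried = failures[ip]
        if len(tried) >= min_failures and len(set(tried)) >= min_users:
            alerts.append({"ip": ip, "compromised_user": user,
                           "failed_attempts": len(tried),
                           "users_tried": sorted(set(tried))})
        failures[ip] = []  # any accepted password login resets the counter
    return alerts

if __name__ == "__main__":
    for alert in find_credential_guessing(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success, as with the `ops` account in the sample, stays below the thresholds and raises no alert.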


This activity cluster is being monitored by Microsoft under the name DEV-1028, a cross-platform botnet that affects Windows, Linux, and IoT devices.

The DEV-1028 botnet is known to launch distributed denial of service (DDoS) attacks against private Minecraft servers.