
A new Mirai botnet variant tracked as ‘V3G4’ targets 13 vulnerabilities in Linux-based servers and IoT devices in order to use the compromised devices in DDoS (distributed denial-of-service) attacks.

The malware spreads by brute-forcing weak or default telnet/SSH credentials and exploiting hardcoded flaws to perform remote code execution on the target devices. Once a device is breached, the malware infects the device and recruits it into its botnet swarm.

The malware was spotted in three distinct campaigns by researchers at Palo Alto Networks (Unit 42), who reported monitoring the malicious activity between July 2022 and December 2022.

Unit 42 believes all three attack waves originate from the same threat actor because the hardcoded C2 domains contain the same string, the shell script downloads are similar, and the botnet clients used in all attacks feature identical functions.