Juniper warns of Mirai botnet scanning for Session Smart routers

Share:

Juniper Networks has warned customers of Mirai malware attacks scanning the Internet for Session Smart routers using default credentials.

As the networking infrastructure company explained, the malware scans for devices with default login credentials and executes commands remotely after gaining access, enabling a wide range of malicious activities.

The campaign was first observed on December 11, when the first infected routers were found on customers’ networks. Later, the operators of this Mirai-based botnet used the compromised devices to launch distributed denial-of-service (DDoS) attacks.

“On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms,” says a security advisory published this Tuesday.

“Any customer not following recommended best practices and still using default passwords can be considered compromised as the default SSR passwords have been added to the virus database.”

Juniper also shared indicators of compromise admins should look for on their networks and devices to detect potential Mirai malware activity, including:

  • scans for devices on common Layer 4 ports (e.g., 23, 2323, 80, 8080),
  • failed login attempts on SSH services indicative of brute-force attacks,
  • sudden spike in outbound traffic volume hinting at devices being co-opted in DDoS attacks,
  • devices rebooting or behaving erratically, suggesting they’ve been compromised,
  • SSH connections from known malicious IP addresses.

The company advised customers to immediately ensure their devices follow recommended username and password policies, including changing the default credentials on all Session Smart routers and using unique and strong passwords across all devices.

Admins are also recommended to keep firmware updated, review access logs for anomalies, set alerts automatically triggered when suspicious activity is detected, deploy intrusion detection systems to monitor network activity, and use firewalls to block unauthorized access to Internet-exposed devices.

Juniper also warned that routers already infected in these attacks must be reimaged before being brought back online.

“If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device,” Juniper said.

Last year, in August, the ShadowServer threat monitoring service warned of ongoing attacks targeting a critical remote code execution exploit chain impacting Juniper EX switches and SRX firewalls using a watchTowr Labs proof-of-concept (PoC) exploit.

Since then, Juniper also warned of a critical RCE bug in its firewalls and switches in January and released an out-of-cycle patch for a maximum-severity authentication bypass flaw in its Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.

Update December 20, 03:17 EST: Revised article and title to describe the attacks as scanning activity.

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
10:57 am, Apr 2, 2025
weather icon 13°C
L: 12° | H: 14°
clear sky
Humidity: 58 %
Pressure: 1022 mb
Wind: 21 mph E
Wind Gust: 0 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 0%
Rain Chance: 0%
Visibility: 10 km
Sunrise: 6:33 am
Sunset: 7:34 pm
DailyHourly
Daily ForecastHourly Forecast
Today 10:00 pm
weather icon
12° | 14°°C 0 mm 0% 16 mph 68 % 1022 mb 0 mm/h
Tomorrow 10:00 pm
weather icon
9° | 16°°C 0 mm 0% 11 mph 85 % 1022 mb 0 mm/h
Fri Apr 04 10:00 pm
weather icon
10° | 18°°C 0 mm 0% 14 mph 82 % 1022 mb 0 mm/h
Sat Apr 05 10:00 pm
weather icon
6° | 17°°C 0 mm 0% 12 mph 79 % 1022 mb 0 mm/h
Sun Apr 06 10:00 pm
weather icon
7° | 14°°C 0 mm 0% 12 mph 76 % 1025 mb 0 mm/h
Today 1:00 pm
weather icon
14° | 14°°C 0 mm 0% 15 mph 56 % 1022 mb 0 mm/h
Today 4:00 pm
weather icon
14° | 15°°C 0 mm 0% 16 mph 54 % 1021 mb 0 mm/h
Today 7:00 pm
weather icon
13° | 13°°C 0 mm 0% 12 mph 61 % 1020 mb 0 mm/h
Today 10:00 pm
weather icon
10° | 10°°C 0 mm 0% 11 mph 68 % 1021 mb 0 mm/h
Tomorrow 1:00 am
weather icon
10° | 10°°C 0 mm 0% 10 mph 75 % 1021 mb 0 mm/h
Tomorrow 4:00 am
weather icon
9° | 9°°C 0 mm 0% 9 mph 80 % 1020 mb 0 mm/h
Tomorrow 7:00 am
weather icon
9° | 9°°C 0 mm 0% 9 mph 85 % 1020 mb 0 mm/h
Tomorrow 10:00 am
weather icon
12° | 12°°C 0 mm 0% 11 mph 63 % 1020 mb 0 mm/h
Name Price24H (%)
Bitcoin(BTC)
€78,701.50
0.75%
Ethereum(ETH)
€1,738.92
-0.38%
Tether(USDT)
€0.93
0.01%
XRP(XRP)
€1.96
-2.98%
Solana(SOL)
€116.45
-2.58%
USDC(USDC)
€0.93
-0.01%
Dogecoin(DOGE)
€0.158841
-1.22%
Shiba Inu(SHIB)
€0.000011
-4.19%
Pepe(PEPE)
€0.000006
-3.48%
Scroll to Top