Juniper warns of Mirai botnet scanning for Session Smart routers

Share:

Juniper Networks has warned customers of Mirai malware attacks scanning the Internet for Session Smart routers using default credentials.

As the networking infrastructure company explained, the malware scans for devices with default login credentials and executes commands remotely after gaining access, enabling a wide range of malicious activities.

The campaign was first observed on December 11, when the first infected routers were found on customers’ networks. Later, the operators of this Mirai-based botnet used the compromised devices to launch distributed denial-of-service (DDoS) attacks.

“On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms,” says a security advisory published this Tuesday.

“Any customer not following recommended best practices and still using default passwords can be considered compromised as the default SSR passwords have been added to the virus database.”

Juniper also shared indicators of compromise admins should look for on their networks and devices to detect potential Mirai malware activity, including:

  • scans for devices on common Layer 4 ports (e.g., 23, 2323, 80, 8080),
  • failed login attempts on SSH services indicative of brute-force attacks,
  • sudden spike in outbound traffic volume hinting at devices being co-opted in DDoS attacks,
  • devices rebooting or behaving erratically, suggesting they’ve been compromised,
  • SSH connections from known malicious IP addresses.

The company advised customers to immediately ensure their devices follow recommended username and password policies, including changing the default credentials on all Session Smart routers and using unique and strong passwords across all devices.

Admins are also recommended to keep firmware updated, review access logs for anomalies, set alerts automatically triggered when suspicious activity is detected, deploy intrusion detection systems to monitor network activity, and use firewalls to block unauthorized access to Internet-exposed devices.

Juniper also warned that routers already infected in these attacks must be reimaged before being brought back online.

“If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device,” Juniper said.

Last year, in August, the ShadowServer threat monitoring service warned of ongoing attacks targeting a critical remote code execution exploit chain impacting Juniper EX switches and SRX firewalls using a watchTowr Labs proof-of-concept (PoC) exploit.

Since then, Juniper also warned of a critical RCE bug in its firewalls and switches in January and released an out-of-cycle patch for a maximum-severity authentication bypass flaw in its Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.

Update December 20, 03:17 EST: Revised article and title to describe the attacks as scanning activity.

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
3:40 am, Apr 26, 2025
weather icon 9°C
L: 8° | H: 9°
broken clouds
Humidity: 86 %
Pressure: 1021 mb
Wind: 7 mph ENE
Wind Gust: 0 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 75%
Rain Chance: 0%
Visibility: 10 km
Sunrise: 5:41 am
Sunset: 8:14 pm
DailyHourly
Daily ForecastHourly Forecast
Today 10:00 pm
weather icon
8° | 9°°C 0 mm 0% 8 mph 86 % 1025 mb 0 mm/h
Tomorrow 10:00 pm
weather icon
9° | 21°°C 0.2 mm 20% 4 mph 75 % 1026 mb 0 mm/h
Mon Apr 28 10:00 pm
weather icon
12° | 21°°C 0 mm 0% 8 mph 86 % 1026 mb 0 mm/h
Tue Apr 29 10:00 pm
weather icon
11° | 20°°C 0 mm 0% 9 mph 61 % 1026 mb 0 mm/h
Wed Apr 30 10:00 pm
weather icon
11° | 23°°C 0 mm 0% 8 mph 75 % 1025 mb 0 mm/h
Today 4:00 am
weather icon
8° | 9°°C 0 mm 0% 6 mph 86 % 1021 mb 0 mm/h
Today 7:00 am
weather icon
9° | 10°°C 0 mm 0% 4 mph 85 % 1021 mb 0 mm/h
Today 10:00 am
weather icon
12° | 14°°C 0 mm 0% 6 mph 74 % 1022 mb 0 mm/h
Today 1:00 pm
weather icon
16° | 16°°C 0 mm 0% 8 mph 56 % 1023 mb 0 mm/h
Today 4:00 pm
weather icon
16° | 16°°C 0 mm 0% 7 mph 54 % 1023 mb 0 mm/h
Today 7:00 pm
weather icon
14° | 14°°C 0 mm 0% 7 mph 60 % 1023 mb 0 mm/h
Today 10:00 pm
weather icon
11° | 11°°C 0 mm 0% 3 mph 69 % 1025 mb 0 mm/h
Tomorrow 1:00 am
weather icon
10° | 10°°C 0 mm 0% 2 mph 74 % 1025 mb 0 mm/h
Name Price24H (%)
Bitcoin(BTC)
€83,234.62
1.76%
Ethereum(ETH)
€1,584.18
2.90%
Tether(USDT)
€0.88
0.02%
XRP(XRP)
€1.92
0.33%
Solana(SOL)
€133.24
0.22%
USDC(USDC)
€0.88
0.01%
Dogecoin(DOGE)
€0.166299
5.56%
Shiba Inu(SHIB)
€0.000013
8.36%
Pepe(PEPE)
€0.000009
11.45%
Scroll to Top