EN
EN DE
EN
EN DE
Contact Us
Sign Up
Topics
Finance & insurance
Trade
Industry
IT & Consulting
Tourism
Transport
Law
Public

New Mirai Botnet Targets Industrial Routers

0
Share:

Security researchers warn of a new variant of the Mirai botnet. Attackers used it for zero-day exploits on industrial routers.

According to security analyses, the Gayfemboy botnet, based on the infamous Mirai malware, is currently spreading around the world. Researchers at Chainxin X Lab found that cybercriminals have been using the botnet to attack previously unknown vulnerabilities since November 2024. The botnet’s preferred targets include Four-Faith and Neterbit branded routers or smart home devices.

In this context, experts from VulnCheck reported at the end of December of a vulnerability in Four-Faith industrial routers (CVE-2024-12856) that was exploited in the wild. The attackers exploited the router’s default credentials to start a remote command injection.

In addition, the botnet has been used for targeted attacks on unknown vulnerabilities in Vimar Neterbit routers and smart home devices. According to Chainxin X Lab, Gayfemboy is used for a total of 20 vulnerabilities and weak telnet passwords. It has a brute force module for insecure telnet passwords, uses custom UPX packing with unique signatures, and implements Mirai-based command structures. This allows the attackers to update clients, scan networks and carry out DDoS attacks.

Targets

According to the researchers, the botnet has been attacking hundreds of targets every day since its discovery in February 2024. The number of daily active bot IPs is 15,000, most of which are located in China, the USA, Russia, Turkey and Iran. The targets of attacks are spread all over the world and affect different industries. The main targets are in China, the United States, Germany, the United Kingdom, and Singapore.

According to Chainxin X Lab, while the botnet’s DDoS attacks are short-lived (between 10 and 30 seconds), they have a high intensity, with the data rate exceeding 100 Gbps and can cause disruption even to robust infrastructures.

Devices at risk

According to the analysis, the botnet’s attacks target the following devices:

  • ASUS routers (via N-Day exploits).
  • Huawei routers (via CVE-2017-17215)
  • Neterbit router (custom exploit)
  • LB-Link router (via CVE-2023-26801)
  • Four-Faith Industrial Routers (via the zero-day now tracked as CVE-2024-12856)
  • PZT cameras (via CVE-2024-8956 and CVE-2024-8957 )
  • Kguard DVR
  • Lilin DVR (via remote code execution exploits)
  • Generic DVRs (using exploits such as TVT editBlackAndWhiteList RCE)
  • Vimar smart home devices (presumably exploiting an unknown vulnerability)
  • Various 5G/LTE devices (likely due to misconfigurations or weak credentials)

Source

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
11:04 pm, Jan 14, 2025
weather icon 9°C
L: 8° | H: 10°
overcast clouds
Humidity: 92 %
Pressure: 1034 mb
Wind: 5 mph WSW
Wind Gust: 0 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 100%
Rain Chance: 0%
Visibility: 8 km
Sunrise: 8:00 am
Sunset: 4:18 pm
DailyHourly
Daily ForecastHourly Forecast
Tomorrow 9:00 pm
weather icon
8° | 10°°C 0 mm 0% 3 mph 97 % 1035 mb 0 mm/h
Thu Jan 16 9:00 pm
weather icon
5° | 9°°C 0 mm 0% 4 mph 96 % 1034 mb 0 mm/h
Fri Jan 17 9:00 pm
weather icon
4° | 8°°C 0 mm 0% 5 mph 92 % 1035 mb 0 mm/h
Sat Jan 18 9:00 pm
weather icon
2° | 7°°C 0 mm 0% 3 mph 90 % 1033 mb 0 mm/h
Sun Jan 19 9:00 pm
weather icon
2° | 7°°C 0 mm 0% 4 mph 96 % 1024 mb 0 mm/h
Tomorrow 12:00 am
weather icon
8° | 9°°C 0 mm 0% 3 mph 92 % 1034 mb 0 mm/h
Tomorrow 3:00 am
weather icon
7° | 8°°C 0 mm 0% 3 mph 94 % 1034 mb 0 mm/h
Tomorrow 6:00 am
weather icon
6° | 7°°C 0 mm 0% 2 mph 95 % 1034 mb 0 mm/h
Tomorrow 9:00 am
weather icon
7° | 7°°C 0 mm 0% 3 mph 97 % 1035 mb 0 mm/h
Tomorrow 12:00 pm
weather icon
9° | 9°°C 0 mm 0% 2 mph 89 % 1034 mb 0 mm/h
Tomorrow 3:00 pm
weather icon
9° | 9°°C 0 mm 0% 2 mph 89 % 1033 mb 0 mm/h
Tomorrow 6:00 pm
weather icon
7° | 7°°C 0 mm 0% 2 mph 95 % 1034 mb 0 mm/h
Tomorrow 9:00 pm
weather icon
7° | 7°°C 0 mm 0% 2 mph 96 % 1034 mb 0 mm/h
Weather from OpenWeatherMap
Name Price24H (%)
Bitcoin(BTC)
€93,782.67
2.45%
Ethereum(ETH)
€3,139.92
3.41%
XRP(XRP)
€2.59
5.56%
Tether(USDT)
€0.97
0.00%
Solana(SOL)
€182.88
3.08%
Dogecoin(DOGE)
€0.347766
6.28%
USDC(USDC)
€0.97
0.00%
Shiba Inu(SHIB)
€0.000021
2.47%
Pepe(PEPE)
€0.000017
3.63%
Peanut the Squirrel(PNUT)
€0.61
7.31%
Know and monitor IT vulnerabilities with just one click before it is too late.

Utility link

Useful link

Newsletter

Follow Us

Facebook Twitter Youtube Linkedin

© 2025 risikomonitor.com gmbh

Scroll to Top