Monday, June 14, 2021

Malware hosting domain Cyberium fanning out Mirai variants

Executive summary
AT&T Alien Labs has observed a Mirai variant botnet, known as Moobot, scanning for known but uncommon vulnerabilities in Tenda routers, resulting in a considerable peak in our internal telemetry. The research associated with this peak led to the discovery of a malware hosting domain serving several different Mirai variants, such as Moobot and Satori.
Key points:
AT&T Alien Labs identified a short but intense peak in scanning for Tenda routers, which had been uncommon in previous months.
The Cyberium malware hosting domain has been serving Mirai variants for several known, but different botnets over the past year.
Our research team has gathered intelligence from previous campaigns launched by this same attacker; though they made changes in their infrastructure and payloads, they have mostly recycled their tactics and techniques.
Analysis
At the end of March, AT&T Alien Labs observed a spike in exploitation…

Posted by: Fernando Martinez


The post Malware hosting domain Cyberium fanning out Mirai variants appeared first on Cybersecurity Insiders.


June 15, 2021 at 09:10AM
