- ShadowV2, a Mirai-based cloud-native botnet, emerged briefly during an AWS outage
- It targeted IoT devices via multiple vendor vulnerabilities, likely as a test run
- Found across 20+ countries, ShadowV2 may return, echoing Mirai’s disruptive DDoS legacy
Another botnet built on the foundations of the infamous Mirai has recently been seen in the wild, but only briefly – suggesting it may be preparing for a larger attack.
Security researchers from FortiGuard Labs claim to have spotted a new botnet called ShadowV2 that was only active during the recent AWS outage, meaning it was not alive for more than 15 hours.
During that time, it targeted multiple vulnerabilities from multiple manufacturers (DD-WRT, D-Link, DigiEver, TBK, and TP-Link) and created a network of assimilated routers, Wi-Fi access points, NAS boxes, DVRs, network video recorders, and similar Internet of Things (IoT) hardware.
Evolution of Mirai
The botnet could have been used in the same way Mirai was used – to launch Distributed Denial of Service (DDoS) attacks, scan the Internet for vulnerable devices, brute-force their credentials, infect them and use them for further propagation.
FortiGuard Labs believes that its emergence only served as a “test run” and that the botnet is likely to return in the future.
ShadowV2 is a cloud-native botnet that previously only targeted AWS EC2 instances. However, it has since evolved to target multiple industries, including technology, retail, hospitality, government, telecommunications and more. It was found in more than two dozen countries around the world, including Canada, the United States, the United Kingdom, China, Russia, Saudi Arabia, and many others.
So far, there is no word on how many devices are infected with ShadowV2 or if the botnet is growing right now. We know that it is primarily built for IoT devices.
Shortly after ShadowV2’s test run, Azure was hit by the “biggest” ever cloud-based DDoS attack, carried out by the Aisuru botnet – which is also considered a “descendant” of Mirai and is sometimes described as “Turbo Mirai”.
Mirai is often referred to as a “groundbreaking IoT malware” that was infamous for creating some of the largest and most disruptive botnets ever, knocking major websites and internet infrastructure offline worldwide.
Via The Register



