This article discusses the ongoing large-scale DDoS attacks orchestrated by an IoT botnet that exploits vulnerable devices, primarily targeting companies in Japan and other countries. The botnet utilizes malware derived from Mirai and Bashlite, affecting various sectors and employing multiple DDoS attack methods. Affected: Japan, North America, Europe
Keypoints :
- Large-scale DDoS attacks monitored since the end of 2024.
- Attacks primarily target companies in Japan, with a global impact.
- The botnet consists of malware derived from Mirai and Bashlite.
- Infection occurs through exploiting vulnerabilities and weak passwords.
- Devices targeted include wireless routers and IP cameras.
- Commands issued to the botnet include various DDoS attack methods.
- Differences in command usage observed between domestic and international targets.
- Recommendations provided for improving IoT device security.
- Countermeasures suggested for mitigating DDoS attacks.
MITRE Techniques :
- T1071.001 – Application Layer Protocol: The botnet uses various application layer protocols for command and control communications.
- T1203 – Exploitation for Client Execution: The malware exploits remote code execution vulnerabilities to infect IoT devices.
- T1499 – Endpoint Denial of Service: The botnet conducts DDoS attacks that overload network resources.
- T1498 – Network Denial of Service: The botnet employs commands to perform network-level DDoS attacks.
- T1070.001 – Indicator Removal on Host: The malware manipulates iptables to hide its presence and delay detection.
Indicator of Compromise :
- [domain] example.com
- [url] http://malicious-website.com
- [ip address] 192.0.2.1
- [file hash] 123abc456def789ghi
- [tool name] Mirai
- Check the article for all found IoCs.
Full Research: https://www.trendmicro.com/en_us/research/25/a/iot-botnet-linked-to-ddos-attacks.html