US disrupts botnet used by Russia-linked APT28 threat group

The US government has disrupted a network of routers that were being used by the Russia-linked threat group APT28 to conceal malicious cyber activities. 

"These crimes included vast spear-phishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as US and foreign governments and military, security, and corporate organisations," said the US Department of Justice (DoJ) in a statement.

APT28, tracked by...

‘Pandoraspear’ botnet hijacks smart TVs and boxes

Cybercrime syndicate Bigpanzi stands accused of orchestrating a massive Distributed Denial of Service (DDoS) botnet named 'Pandoraspear'.

Pandoraspear has reportedly infected potentially millions of smart TVs and set-top boxes, with at least 170,000 bots actively running during the campaign's peak.

The infection mechanism primarily targets Android-based smart TVs and streaming hardware, exploiting users who visit dubious streaming sites on their smartphones. Upon...

Mirai variant ‘Beastmode’ exploits fresh vulnerabilities

A variant of the Mirai botnet called Beastmode has been observed exploiting recently discovered vulnerabilities.

The Mirai botnet is composed primarily of IoT and embedded devices. In 2016, Mirai made national headlines when it used compromised connected devices to overwhelm several high-profile targets with record-setting Distributed Denial-of-Service (DDoS) attacks.

Mirai’s original creator was arrested in the fall of 2018 but variants have continued to emerge which...

Researchers discover another Mirai variant targeting new IoT vulnerabilities

Security researchers from Palo Alto Networks have discovered another Mirai variant that is targeting new IoT vulnerabilities.

Researchers from Unit 42, the cybersecurity division of Palo Alto Networks, discovered a number of attacks on Feb 16th, 2021 that leveraged vulnerabilities including:

VisualDoor (a SonicWall SSL-VPN exploit).
CVE-2020-25506 (a D-Link DNS-320 firewall exploit).
CVE-2020-26919 (a Netgear ProSAFE Plus exploit).
Possibly CVE-2019-19356 (a Netis WF2419...

Netlab researchers discover IoT botnets HEH and Ttint

Security researchers from Netlab have discovered two new IoT botnets called HEH and Ttint.

Netlab is the network research division of Chinese cybersecurity giant Qihoo 360. The company’s researchers first spotted the Ttint botnet targeting Tenda routers using two zero-day vulnerabilities.

Ttint spreads a remote control trojan based on code from the Mirai malware.

Mirai caused widespread chaos in 2016 when it hit DNS provider Dyn and impacted popular services...