Juniper Networks warns Mirai botnet is back and targeting new devices

DDoS attack
(Image credit: FrameStockFootages / Shutterstock)

  • Juniper Networks warns Mirai botnet is scanning for vulnerable routers
  • The campaign started in mid-December 2024, and includes DDoS attacks
  • Users should tighten up on security, researchers say

Operators of the Mirai botnet are back, and looking for easy-to-compromise Session Smart routers to assimilate, experts have warned.

Cybersecurity researchers from Juniper Networks, who recently published a new security advisory, warning its customers of the ongoing threat, noted the malware is scanning for internet-connected Session Smart routers that are using default login credentials.

Those that fall into this category are accessed, and used for a wide variety of malicious activities, but mostly Distributed Denial of Service (DDoS) attacks. The campaign apparently started on December 11, and could still be ongoing.

Mirai's turbulent past

"On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms," Juniper said in the security advisory. "Any customer not following recommended best practices and still using default passwords can be considered compromised as the default SSR passwords have been added to the virus database."

The best way to protect against the threat is to make sure your internet-connected devices do not use factory login credentials. Instead, they should be protected with strong passwords and, if possible, placed behind a firewall.

The Mirai botnet is infamous for targeting Internet of Things (IoT) devices, and then using them to launch massive DDoS attacks. It is also known for exploiting weak or default credentials on devices like routers, cameras, and other IoT hardware. It was first spotted in 2016, but gained notoriety after targeting Krebs on Security in September 2016 and mounting the Dyn DNS attack in October 2016.

Mirai is arguably the most popular botnet out there, but it’s not the only threat. StormBot, Mozi, Satori, or Mantis are all malware variants known for launching disruptive attacks across the web. It also survived multiple takedown attempts, including the source code leak from 2016, the arrest of its developers in 2017, and multiple law enforcement campaigns.

Via BleepingComputer

You might also like

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
TP-Link and NR routers targeted by worrying new botnet
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Industrial routers are being hit by zero-days from new Mirai botnets
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Dangerous new botnet targets webcams, routers across the world
DDoS Attack
Watch out, your office phone could be hijacked into a Mirai botnet
China
Chinese hackers targeting Juniper Networks routers, so patch now
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
Zotac Gaming RTX 5090 Graphics Card
Nvidia Blackwell stock woes are compounded by price hikes as more RTX 5090 GPUs soar in pricing, and I’m sick and tired of it all at this point
A collage of Elizabeth Olsen's Scarlet Witch and Tatiana Maslany's She-Hulk
Marvel fans are already tired of Doomsday and Secret Wars cast gossip as two more superheroes get linked with roles in the next two Avengers movies
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
New Call of Duty: Warzone trailer shows a beautiful rebuilt Verdansk, but some fans want more: 'it won't be the same unfortunately'
An Apple Music pink/pixellated poster advertising DJ with Apple Music
DJ with Apple Music lands, allowing subscribers to build and mix DJ sets directly from its +100 million-song catalog