
Hello!
There has been a huge uptick of the Mozi botnet [1] from Indian networks (major chunk from a single network) in the past one week.
Based on prior information about Mozi and what I have seen at first glance, it appears to have primarily targeted CPEs with default login/weak credentials, but there could be more.
Some of the affected CPEs along with mitigation outlined by Netlab 360 [2]
[1]: https://www.darkreading.com/iot/new-malware-family-assembles-iot-botnet--/d/...
[2]: https://blog.netlab.360.com/mozi-another-botnet-using-dht/

The Institute for Internet-Security, DE has released mitigation steps for Mirai [1]
[1]: https://www.internet-sicherheit.de/research/botnetze/iot-botnetze/mozi/
On Mon, Sep 21, 2020 at 10:07 PM Swapneel Patnekar swapneel@brainattic.in wrote:
Hello!
There has been a huge uptick of the Mozi botnet [1] from Indian networks (major chunk from a single network) in the past one week.
Based on prior information about Mozi and what I have seen at first glance, it appears to have primarily targeted CPEs with default login/weak credentials, but there could be more.
Some of the affected CPEs along with mitigation outlined by Netlab 360 [2]
-- Best, Swapneel https://brainattic.in/blog
Swapneel Patnekar