Mozi, a peer-to-peer (P2P) malware known to target internet-of-things devices, has developed new capabilities to target network gateways manufactured by Netgear, Huawei, and ZTE, Microsoft researchers said on Thursday. "Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks. By infecting routers, they can perform man-in-the-middle (MITM) attacks—via HTTP hijacking and DNS spoofing—to compromise endpoints and deploy ransomware or cause safety incidents in OT facilities,” researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT explained.According to researchers at Netlab 360, who first spotted the Mozi botnet in December 2019, Mozi is known for exploiting routers and digital video recorders in order to assemble them into an IoT botnet, which could be abused for launching distributed denial-of-service (DDoS) attacks, data exfiltration, and payload execution. The malware has evolved from the source code of several known malware families such as Gafgyt, Mirai, and IoT Reaper.Mozi spreads through brute-forcing devices online or by abusing known unpatched vulnerabilities in the target devices, with the IoT malware communicating using a BitTorrent-like Distributed Hash Table (DHT) to record the contact information for other nodes in the botnet. This same technique is used by file-sharing P2P customers. The exploited device listens for commands from the controller node and also attempts to exploit other susceptible devices.Back in September 2020, it was noted in one of IBM X-Force analysis, that Mozi accounted for about 90% of IoT network traffic tracked by security analysts from October 2019 through June 2020, suggesting that attackers are incr ..
Support the originator by clicking the read the rest link below.
