
The new Hakai IoT botnet grows silently and becomes dangerous

The Hakai IoT botnet was discovered in June by NewSky Security, but at the time it was inactive. Since then it has grown, become more sophisticated and started launching cyber attacks

There is a new IoT botnet that is silently growing and becoming more sophisticated: it’s dubbed Hakai. It’s based on the famous LizardStresser botnet and targets D-Link, Huawei and Realtek routers, but not only those: it also uses a telnet scanner to attack devices that have weak passwords. It was first discovered in June by cyber security experts at NewSky Security, and at that moment it wasn’t active or highly sophisticated. In the following months it grew, and it launched its first cyber attack in July. The botnet then attracted the attention of other cyber defense companies and researchers. Now it’s considered highly dangerous and companies are worried about its effects. Its creator, who had been contacting security researchers until recently, suddenly disappeared after the arrest of the Satori botnet operator, Nexus Zeta, and also moved the botnet’s C2 server.

Tempest Security: The infection method is the same as used by other botnets such as Gafgyt and LizardStresser

Meanwhile, the Hakai IoT botnet continues to spread and attack different targets worldwide. Some of the latest are located in Latin America, particularly in Brazil, as the Tempest Security blog reported. In a post, the cyber security experts explained that the botnet “has been detected by our sensors 134 times just this month (August) and, so far, it is using 119 different IP addresses. The infection method is the same as used by other botnets. It takes advantage of a remote command execution vulnerability. After the infection, the device connects to the attacker’s control panel and receives commands to attack or to attempt to infect other devices”. Furthermore, “the control panel closely resembles to Gafgyt botnet, which had its source code released years ago and was also identified as LizardStresser — the botnet used by the Lizard Squad group in its DDoS-as-a-service”.

The Tempest Security post with IOCs
