Hakai Iot Botnet Wages War Against D-Link and Huawei Routers

The Hakai IoT botnet is a dangerous threat that is being distributed in a global attack campaign targeting home routers of all popular brands. It is built on the foundations of an older threat featuring heavy upgrades.

Hakai Iot Botnet Attacks Routers

The Hakai IoT botnet is a recent malicious payload that has been identified in a global attack campaign. It attempted to intrude onto user networks by targeting home routers via vulnerability testing. The criminals behind it insert scripts that automatically probe for target devices and look out for the issue. The attacks began by probing Huawei Hg352 routers with the CVE-2017-17215 exploit. It takes advantage of a remote code execution vulnerability allowing hackers to execute commands of their own choosing. Affected systems will react if malicious packets are sent over port 37215. To counter any possible abuse the owners of these devices should update their firmware to the latest available version.

In August the security researchers tracking the Hakai IoT found out that the Hakai IoT botnet was upgraded to act against a wider range of devices — D-Link Routers using the HNAP protocol, generic IoT devices and Realtek routers. This change shows that the criminals behind it keep the threat constantly updated, it is possible that a larger collective is behind its development.

There are several main characteristics that are unique to Hakai:

  • Port Scanner — The Hakai botnet can scan the open ports of target devices, automated entry attempts are made using the most commonly used services.
  • Custom Versions Creation — Two offspring versions coming from Hakai have been identified — they are called Kenjiro and Izuku. They feature slight code variations.
  • Active Development— In comparison with other botnets Hakai has a considerably shorter (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/hakai-iot-botnet-wages-war-d-link-huawei-routers/