AIRASHI DDoS Botnet Exploits Cambium Networks cnPilot Router Vulnerability
Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks.
Exploitation Timeline
According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse.
Exploited Vulnerabilities
Some of the other flaws weaponized by the distributed denial-of-service (DDoS) botnet include:
Decentralized Nature of the P2P Protocol
The decentralized nature of the P2P protocol means that an attacker can issue commands through any of the compromised nodes without having to route them through a single C2 server, thus making the botnet a lot more resilient to takedowns.
Compromised Devices
"The 700+ P2P networks built into the backdoor consist of infected network device components from 80 countries and territories," the company said. "The nodes involve MikroTik routers, Hikvision cameras, VPS servers, DLink routers, CPE devices, etc."
Similar Payload Delivery Framework
Last year, XLab also detailed a sophisticated and stealthy payload delivery framework codenamed DarkCracks that exploits compromised GLPI and WordPress sites to function as downloaders and C2 servers.
Objectives of the AIRASHI Botnet
Its primary objectives are to gather sensitive information from infected devices, maintain long-term access, and use the compromised, stable, high-performance devices as relay nodes to control other devices or deliver malicious payloads, effectively obfuscating the attacker’s footprint.
Compromised Systems
"The compromised systems were found to belong to critical infrastructure across different countries, including school websites, public transportation systems, and prison visitor systems."