Summary: A variant of the Mirai botnet, dubbed “gayfemboy,” is exploiting a newly disclosed vulnerability in Four-Faith industrial routers to conduct DDoS attacks, leveraging over 20 known security flaws and weak credentials. This botnet has been active since February 2024 and targets various entities globally, with significant activity noted in late 2024.
Threat Actor: Mirai Botnet Variant | Mirai
Victim: Four-Faith Industrial Routers | Four-Faith Industrial Routers
Key Points:
- Exploits CVE-2024-12856, a command injection vulnerability in specific router models.
- Maintains approximately 15,000 daily active IP addresses, primarily in China, Iran, Russia, Turkey, and the U.S.
- Utilizes a Mirai-based command format to scan for vulnerable devices and launch DDoS attacks.
- Targets hundreds of entities daily, generating traffic around 100 Gbps during attacks.
- Recent activity peaked in October and November 2024, highlighting the botnet’s growing threat.
Source: https://thehackernews.com/2025/01/mirai-botnet-variant-exploits-four.html