Summary: Threat actors are exploiting a zero-day vulnerability in Cambium Networks cnPilot routers to deploy the AIRASHI variant of the AISURU botnet for DDoS attacks. The botnet has been active since June 2024, leveraging multiple known vulnerabilities and targeting devices primarily in Brazil, Russia, Vietnam, and Indonesia. AIRASHI has evolved with new features, including proxy functionality, indicating a shift in the threat actors’ capabilities and intentions.
Threat Actor: AISURU botnet operators | AISURU
Victim: Various IoT device users | Cambium Networks cnPilot routers
Key points:
- Exploitation of a zero-day vulnerability in Cambium Networks routers has been linked to the AIRASHI botnet.
- AIRASHI has shown stable DDoS attack capabilities ranging from 1 to 3 Tbps and has been active since June 2024.
- The botnet has two variants: AIRASHI-DDoS, focusing on DDoS attacks, and AIRASHI-Proxy, which includes proxy functionality.
Source: https://thehackernews.com/2025/01/hackers-exploit-zero-day-in-cnpilot.html