A new Mirai-based botnet named ShadowV2 targets vulnerable IoT devices from D-Link, TP-Link, and other vendors by exploiting known security flaws. Its global activity during a major AWS outage suggests that this activity might have been a test, with potential for launching large-scale DDoS attacks. #ShadowV2 #MiraiVariant
Key points
- ShadowV2 is a Mirai-based botnet targeting IoT devices across multiple sectors worldwide.
- The malware exploits at least eight known vulnerabilities in various IoT products, including outdated D-Link devices.
- It was active during an AWS outage, which may indicate a testing phase for future attacks.
- The botnet supports DDoS attacks using UDP, TCP, and HTTP flood methods triggered via C2 commands.
- Firmware updates and awareness of end-of-life devices are crucial in defending against this threat.