Since June, threat actors have exploited a zero-day in Cambium Networks cnPilot routers to distribute the AIRASHI botnet, a variant of AISURU, for distributed denial-of-service attacks primarily targeted at China, the U.S., Poland, and Russia, according to The Hacker News.
Aside from the zero-day, the threat actors behind AIRASHI also leveraged more than a dozen other security flaws, dating as far back as 2013, that impact AVTECH IP cameras, Shenzhen TVT appliances, and other devices, a report from QiAnXin XLab researchers showed. "The operator of AIRASHI has been posting their DDoS capability test results on Telegram. From historical data, it can be observed that the attack capacity of the AIRASHI botnet remains stable around 1-3 Tbps," said the researchers, who noted the emergence of two different versions of the AIRASHI botnet, one of which features arbitrary command execution while the other allows proxy support. The findings come after QiAnXin XLab researchers reported an attack with the cross-platform alphatronBot backdoor against Chinese organizations.