Marcel SIneM(S)USNov 4, 2023
Sicherheitsforscher rätseln: Wer hat das #Mozi-#Botnet abgeschaltet? | Security https://www.heise.de/news/Sicherheitsforscher-raetseln-Wer-hat-das-Mozi-Botnet-abgeschaltet-9352132.html #Malware #MoziBotnet
Sicherheitsforscher rätseln: Wer hat das Mozi-Botnet abgeschaltet?

Ende September hat das IoT-Botnet sich selber kontrolliert heruntergefahren. Experten haben eine Vermutung, wer die Abschaltung veranlasste.

heise online
🛡 [email protected]/:~# Nov 2, 2023

"⚰️ Mozi Botnet's Mysterious Demise: The Kill Switch Discovery 🕵️‍♂️"

Researchers at ESET have uncovered the kill switch that led to the abrupt downfall of the Mozi botnet, a notorious threat to IoT devices. The botnet's activity plummeted in August 2023, first in India and then in China, as a result of a control payload delivered via UDP, bypassing the BitTorrent DHT protocol. This strategic takedown raises questions about its orchestrators - the botnet creators themselves or Chinese law enforcement. 🤔💡

Tags: #MoziBotnet #KillSwitch #CyberForensics #IoTSecurity #BotnetTakedown #ESETResearch #CyberSecurity #ThreatIntelligence

Credit: Ivan Bešina, Michal Škuta, Miloš Čermák via WeLiveSecurity

For a detailed analysis of the Mozi botnet's kill switch and its implications, stay tuned to ESET's upcoming publications. Meanwhile, explore the MITRE ATT&CK techniques used:

  • Resource Development: Acquiring infrastructure like virtual private servers.
  • Initial Access: Exploiting public-facing applications.
  • Persistence: Using boot or logon initialization scripts.
  • Exfiltration: Sending data over unencrypted protocols.
  • Impact: Stopping services and blocking access with iptables.

🔐 MITRE ATT&CK - Mozi

Who killed Mozi? Finally putting the IoT zombie botnet in its grave

ESET researchers describe how they found a kill switch that had been used to take down one of the most prolific botnets out there – Mozi