New Mirai campaign targets new IoT devices

Mirai IoT botnet

Security researchers spotted an increase in new activity from the Mirai IoT botnet. This new campaign targets organizations in Argentina, but has spread to other parts of South America and North Africa.

Trend Micro spotted the activity and an increase in “red flag” traffic on ports 2323 and 23. Colombia was the main target in the second wave of attacks, along with Ecuador, Egypt, Argentina and Tunisia.

The campaign continued to exploit ZyXEL modems as entry points, but has expanded to the Tenvis TH692 Outdoor P2P HD Waterproof IP Camera.

The first instance of “Wproot” (default account) credentials showing up on monitoring reports appeared on November 29 after the malicious activity started. 

We wrote last Monday that another variation of the Mirai botnet was targeting internet-connected devices made by ZyXEL Communications. That botnet targeted ZyXEL devices that use the default admin/CentryL1nk and admin/QwestM0dem telnet credentials via ports 23 and 2323.
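A defender can watch for this pattern in telnet sensor or honeypot logs. The following is an added example, not code from Trend Micro or the original article: it flags sources that try the default credentials named above on ports 23 and 2323. The log line format, the function name and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Indicators taken from the article: telnet ports and default credentials.
MIRAI_PORTS = {23, 2323}
DEFAULT_PAIRS = {("admin", "CentryL1nk"), ("admin", "QwestM0dem")}
DEFAULT_USERS = {"Wproot"}  # article names the account only, so match any password

# Assumed (hypothetical) sensor log format, one login attempt per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+) "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*)$"
)

# Constructed sample input (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
2017-11-29T03:12:44Z src=198.51.100.7 dport=2323 user=admin pass=CentryL1nk
2017-11-29T03:12:45Z src=198.51.100.7 dport=23 user=admin pass=QwestM0dem
2017-11-29T03:13:02Z src=203.0.113.21 dport=23 user=Wproot pass=x
2017-11-29T03:14:10Z src=192.0.2.9 dport=22 user=admin pass=CentryL1nk
2017-11-29T03:15:31Z src=192.0.2.50 dport=23 user=operator pass=s3cret
malformed line that the parser must skip
"""

def find_default_credential_attempts(log_text):
    """Return {source_ip: [(timestamp, port, user), ...]} for matching attempts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        port = int(m["dport"])
        if port not in MIRAI_PORTS:
            continue  # the article reports the traffic on ports 23 and 2323
        user, pw = m["user"], m["pw"]
        if (user, pw) in DEFAULT_PAIRS or user in DEFAULT_USERS:
            hits[m["src"]].append((m["ts"], port, user))
    return dict(hits)

if __name__ == "__main__":
    for src, attempts in find_default_credential_attempts(SAMPLE_LOG).items():
        print(f"{src}: {len(attempts)} attempt(s) -> {attempts}")
```

Sources returned by the function are candidates for blocking at the perimeter, and any device on the network that still accepts one of these logins needs its default password changed or telnet disabled.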

This highlights the dangers of unsecured Internet of Things (IoT) devices.