
"Mirai Malware: Expanding Targets and Reloading Exploits for Massive Router Botnet"
A Mirai-based DDoS botnet known as IZ1H9 has expanded its targets by adding thirteen new payloads that exploit vulnerabilities in Linux-based routers and in routers from various manufacturers. The botnet compromises devices to enlist them in its DDoS swarm, then launches attacks on specified targets. The campaign exploits a range of vulnerabilities dating from 2015 to 2023, affecting devices from D-Link, Zyxel, TP-Link, TOTOLINK, and others. The malware relies on a command-and-control (C2) server to execute DDoS attacks; supported attack types include UDP, UDP Plain, HTTP Flood, and TCP SYN. Users are advised to use strong admin credentials, update firmware, and minimize exposure of IoT devices to the public internet.