Mirai variant ‘Beastmode’ exploits fresh vulnerabilities

A variant of the Mirai botnet called Beastmode has been observed exploiting recently discovered vulnerabilities.

The Mirai botnet primarily consists of IoT and embedded devices. In 2016, Mirai made national headlines when it used compromised connected devices to take down several high-profile targets in record-breaking Distributed Denial-of-Service (DDoS) attacks.

The original creator of Mirai was arrested in the fall of 2018, but variants that exploit new vulnerabilities continue to appear.

Fortinet security researchers have observed the Beastmode variant and found that it aggressively updates its “arsenal of exploits”, adding five new exploits in one month.

Three of the exploits use vulnerabilities discovered between February and March 2022 to target various models of TOTOLINK routers:

CVE-2022-26210 targets the TOTOLINK A800R, A810R, A830R, A950RG, A3000RU, and A3100R.
CVE-2022-26186 targets TOTOLINK N600R and A7100RU.
CVE-2022-25075/25076/25077/25078/25079/25080/25081/25082/25083/25084 is a family of similar vulnerabilities targeting several TOTOLINK models, including the A810R and A830R.

Fortinet noted that in samples collected three days after the first one was caught on February 20, 2022, a typo in the URL used for the third set of vulnerabilities had been corrected, “suggesting active development and exploitation of this campaign.”