The source code of the infamous Mirai botnet was released to the public back in 2016. Cybercriminals wasted no time and began abusing their newfound access to the code to create their own botnet variants. Even six years later, Mirai is still being used as a basis for potent new botnets. One example is the Beastmode botnet, which is still under active development.
Indeed, infosec researchers have observed that Beastmode has updated its arsenal of exploited vulnerabilities to include 5 new ones. Three of them - CVE-2022-26210, CVE-2022-26186, and the family of vulnerabilities between CVE-2022-25075 and CVE-2022-25084 - can be used to compromise TOTOLINK routers. The exploits were added to the threat just a week after being published on GitHub. In addition, the botnet targets several obsolete D-Link products via the CVE-2021-45382 vulnerability. Products from TP-Link, Huawei, and NETGEAR, as well as the NUUO NVRmini2 and NVRsolo, were also among the targets of the threatening Beastmode attack campaign.
The main functionality of the botnet is launching DDoS (Distributed Denial-of-Service) attacks. By sending a massive number of requests to a chosen target, the cybercriminals can disrupt the normal operations of their victim for a prolonged period. Both users and organizations should not delay updating the firmware of their devices. After all, the operators of the Beastmode botnet have demonstrated their ability to swiftly incorporate new vulnerabilities and get rid of accidental errors. It took them just three days to remove a typo that cybersecurity researchers discovered in the URL: the 'downloadFlile.cgi' used by the observed device was replaced with 'downloadFile.cgi'.