Botnet Exploits AWS Outage, Impacting 28 Countries

ShadowV2, a recently emerged Mirai-based botnet, has raised significant concerns in the cybersecurity community. The botnet exploited vulnerabilities during last October’s widespread outage of Amazon Web Services (AWS), affecting numerous countries around the globe.
Impact of ShadowV2 Botnet
ShadowV2 infected Internet of Things (IoT) devices across various sectors, including technology, retail, hospitality, and government. The botnet’s activity demonstrated its capability to launch distributed denial-of-service (DDoS) attacks, targeting critical infrastructure during the AWS outage.
Details of the Attack
According to Fortinet’s FortiGuard Labs, the ShadowV2 botnet activity likely served as a test for larger future offensives. It successfully harnessed a network of infected devices, and the attack took place primarily within a 24-hour window. It exploited several known vulnerabilities in devices from multiple manufacturers, including:
- DD-WRT (CVE-2009-2765)
- D-Link (multiple vulnerabilities, including CVE-2020-25506 and CVE-2022-37055)
- DigiEver (CVE-2023-52163)
- TBK (CVE-2024-3721)
- TP-Link (CVE-2024-53375)
Countries Affected
The botnet impacted 28 countries, including:
- Canada
- United States
- Mexico
- Brazil
- Chile
- United Kingdom
- France
- South Africa
- Australia
- And many others across Europe, Asia, and South America
Technical Insights
ShadowV2 operates by dropping a downloader script, which delivers the malware using specifically designed binaries. Analysts have noted that the botnet displays a build string indicating it may be the first version specifically developed for IoT targets.
On a related note, shortly after ShadowV2’s activity, Microsoft reported a massive cloud-based DDoS attack originating from the Aisuru botnet, the largest in history.
Recommendations for Cybersecurity
Security experts recommend securing IoT devices, updating firmware regularly, and monitoring networks for unusual traffic. Fortinet has provided a list of indicators of compromise to help organizations identify and mitigate threats effectively.
The emergence of ShadowV2 serves as a stark reminder of the vulnerabilities present in IoT devices and the need for heightened security measures across the board.



