Botnet

Mirai

First seen: 2016-08 • Status: active

Currently Active Threat

Mirai took down Twitter, Netflix, and other sites in 2016 by infecting millions of cameras and routers. Its code was released and variants still exist.

Overview

Mirai is the most infamous IoT botnet. Its 2016 DDoS attack on Dyn took down major websites. The release of its source code led to countless variants.

How It Spreads

  • Default credentials
  • Telnet brute force

What It Does

  • Massive DDoS attacks
  • IoT device compromise
  • Botnet rental

Target Platforms

Linux (IoT), Embedded devices

Detection Tips

  • Change default IoT credentials
  • Monitor for scanning activity
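
One way to act on "Monitor for scanning activity", as an added example that is not part of the original page: flag internal hosts that open Telnet connections (TCP 23 and 2323, the ports Mirai's scanner probes) to many distinct destinations within a short window. The flow-log layout, the threshold and the sample records are constructed assumptions.

```python
"""Flag hosts whose outbound Telnet fan-out looks like Mirai-style scanning."""
from collections import defaultdict
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}        # ports Mirai's scanner probes
WINDOW = timedelta(seconds=60)   # assumed sliding-window length
THRESHOLD = 5                    # assumed: distinct destinations per window

# Constructed sample flows: "timestamp src dst dport" (hypothetical layout).
SAMPLE = (
    [f"2024-05-01T10:00:0{i} 192.168.1.50 203.0.113.{i + 1} {23 if i % 2 == 0 else 2323}" for i in range(6)]  # camera fanning out
    + [f"2024-05-01T10:00:1{i} 192.168.1.10 192.168.1.2 23" for i in range(4)]    # admin, one switch
    + [f"2024-05-01T10:{i}0:00 192.168.1.77 198.51.100.{i + 1} 23" for i in range(5)]  # slow, spread out
    + ["2024-05-01T10:00:05 192.168.1.50 203.0.113.200 443"]                      # non-Telnet, ignored
)

def parse(line):
    """Split one flow record into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def find_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct Telnet destinations in any window} for sources at or above threshold."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = parse(line)
        if dport in TELNET_PORTS:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1   # drop events older than the window
            distinct = len({dst for _, dst in events[start:end + 1]})
            best = max(best, distinct)
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

Repeated Telnet sessions to a single device and slow, spread-out connections stay below the threshold; widening the window catches the slower pattern at the cost of more false positives.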

MITRE ATT&CK Techniques

T1498, T1110

If You're Infected

  1. Change all default passwords
  2. Disable telnet on IoT devices

Related Malware

Mozi, Bashlite
