Botnet

Mozi

First seen: 2019-09 • Status: disrupted

Disrupted by Law Enforcement

Mozi was a huge botnet that infected routers and security cameras. Chinese police arrested the creators, but it took years to fully stop it.

Overview

Mozi was a peer-to-peer (P2P) IoT botnet that infected routers and DVRs. Chinese authorities arrested its operators in 2021, but the botnet persisted until a kill switch was deployed in 2023.

How It Spreads

  • IoT device exploitation
  • Known vulnerabilities

What It Does

  • DDoS attacks
  • IoT device compromise
  • P2P propagation

Target Platforms

Linux (IoT), MIPS devices

Detection Tips

  • Monitor IoT device traffic
  • Watch for known Mozi ports

MITRE ATT&CK Techniques

T1498 (Network Denial of Service), T1190 (Exploit Public-Facing Application)

If You're Infected

  1. Update IoT device firmware
  2. Segment IoT networks

Related Malware

Mirai
