Botnet takes advantage of AWS outage to smack 28 countries

A Mirai-based botnet named ShadowV2 emerged during last October's widespread AWS outage, infecting IoT devices across industries and continents, likely serving as a "test run" for future attacks, according to Fortinet's FortiGuard Labs.

After infecting vulnerable gear to form a zombie army of IoT devices, the ShadowV2 Mirai variant allows an attacker to remotely control the network of equipment and perform large-scale attacks, including distributed-denial-of-service (DDoS) traffic-flooding events. 

Luckily, the malware only remained active during the day-long outage, which also knocked major websites offline for hours. 

During that time, it propagated via several vulnerabilities affecting devices from multiple vendors, including DD-WRT (CVE-2009-2765), D-Link (CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915), DigiEver (CVE-2023-52163), TBK (CVE-2024-3721), and TP-Link (CVE-2024-53375), antivirus analyst Vincent Li said in a Wednesday blog post. 

While ShadowV2, a cloud-native botnet, previously targeted AWS EC2 instances in September campaigns, the more recent bot-building effort affected multiple sectors, including technology, retail ...