Note: As Brandefense, we do not want to confuse our visitors. The ZeroBot mentioned in this article is a botnet malware targeting IoT vulnerabilities. This content is not about the other tools you can find on the web.
A new botnet malware named ZeroBot has been detected that spreads through IoT security vulnerabilities. Developed with Golang, Zerobot exploits multiple vulnerabilities detected in IoT devices to gain access to targeted systems and spread further.
Vulnerabilities exploited in the deployment process of Zerobot malware include bugs in Zyxel firewalls, TOTOLINK routers, F5 BIG-IP, Spring Framework, D-Link DNS-320 NAS, Hikvision cameras, and FLIR AX8 thermal imaging cameras. It has also been observed that the botnet targets i386, amd64, arm, mips64le, mipsle, arm64, mips, mips64, ppc64, ppc64le, riscv64 and s390x CPU architectures. After communicating with the command and control (C2) server via the WebSocket Protocol, additional instructions allow Zerobot to execute arbitrary commands and launch attacks over various network protocols, including TCP, TLS, UDP, ICMP, and HTTP.
To avoid becoming a target of attacks carried out with Zerobot, it is recommended to run the most up-to-date versions of the systems and programs in use and to block the shared IoC findings related to the botnet in the security solutions in use.
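Because the C2 channel described above runs over the WebSocket protocol, one detection angle is to flag WebSocket opening handshakes (RFC 6455) that originate from IoT network segments and go to external addresses. The following is an added example, not code from Brandefense or a Zerobot signature; the subnets, the flow tuple shape and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions: the site's IoT segment and its internal (RFC 1918) address space.
IOT_NETS = [ipaddress.ip_network("10.20.0.0/16")]
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_headers(raw: bytes):
    """Split a raw HTTP request into (request_line, {lowercased header: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def tokens(value: str):
    """Comma-separated header value as a set of lowercased tokens."""
    return {t.strip().lower() for t in value.split(",")}

def is_websocket_handshake(raw: bytes) -> bool:
    """True if the request looks like an RFC 6455 client opening handshake."""
    request_line, h = parse_headers(raw)
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "GET":
        return False
    return ("websocket" in tokens(h.get("upgrade", ""))
            and "upgrade" in tokens(h.get("connection", ""))
            and "sec-websocket-key" in h)

def flag_iot_websocket(flows, iot_nets=IOT_NETS, internal=INTERNAL_NETS):
    """Return (src, dst) pairs: IoT source, non-internal destination, WS handshake."""
    hits = []
    for src, dst, raw in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        external = not any(d in n for n in internal)
        if any(s in n for n in iot_nets) and external and is_websocket_handshake(raw):
            hits.append((src, dst))
    return hits

# Constructed sample flows: (source IP, destination IP, raw request bytes).
WS_REQ = (b"GET /ws HTTP/1.1\r\nHost: host.example\r\nUpgrade: websocket\r\n"
          b"Connection: keep-alive, Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
          b"Sec-WebSocket-Version: 13\r\n\r\n")
PLAIN_REQ = b"GET /firmware.bin HTTP/1.1\r\nHost: update.example\r\n\r\n"
SAMPLE_FLOWS = [("10.20.3.7", "203.0.113.10", WS_REQ),     # IoT -> external, WebSocket
                ("10.20.3.7", "203.0.113.20", PLAIN_REQ),  # IoT -> external, plain HTTP
                ("10.50.1.4", "203.0.113.10", WS_REQ),     # source outside IoT segment
                ("10.20.8.2", "10.20.0.1", WS_REQ)]        # IoT -> internal host
```

This only sees cleartext handshakes; WebSocket traffic inside TLS needs inspection at a decrypting proxy before the same check can be applied.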