- ShadowV2, a cloud-based botnet built on Mirai, appeared briefly during an AWS outage
- It likely targeted IoT devices as part of a multi-vendor vulnerability test.
- ShadowV2 has been found in more than twenty countries; it could return, and it reflects the disruptive legacy of Mirai DDoS attacks.
Another botnet built on the foundation of the infamous Mirai was recently spotted in the wild, but only for a short time, suggesting it may be preparing for a larger attack.
Security researchers at FortiGuard Labs say they discovered a new botnet called ShadowV2 that was only active during the recent AWS outage, meaning it was only “active” for 15 hours.
During this time, it targeted several vulnerabilities in products from different manufacturers (DD-WRT, D-Link, DigiEver, TBK and TP-Link) and created a network of routers, Wi-Fi access points, NAS boxes, DVRs, network video recorders and similar Internet of Things (IoT) hardware.
Mirai development
The botnet could have been used in the same way as Mirai: to launch distributed denial-of-service (DDoS) attacks, scan the Internet for vulnerable devices, brute-force their credentials, infect them and use them to spread further.
FortiGuard Labs believes that its appearance was only a “test” and that the botnet is likely to reappear in the future.
ShadowV2 is a cloud-based botnet that previously only targeted AWS EC2 instances. But it has since evolved to affect multiple industries, including technology, retail, hospitality, government, telecommunications and more. It has been found in more than twenty countries around the world, including Canada, the United States, the United Kingdom, China, Russia, Saudi Arabia, and many others.
There is currently no information available on the number of devices infected by ShadowV2 or the current growth of the botnet. We know that it is primarily designed for IoT devices.
Shortly after the ShadowV2 test, Azure was hit by the “biggest” cloud-based DDoS attack ever, carried out by the Aisuru botnet, also considered a “descendant” of Mirai and sometimes called “Turbo Mirai”.
Mirai is often referred to as a “revolutionary IoT malware” that became known for creating some of the largest and most disruptive botnets of all time, taking down websites and critical internet infrastructure around the world.
IN the record