Hacker’s botnet enslaves 18,000 Huawei devices in 24 hours

Building a botnet is no longer a big, time-consuming task, and can be done within 24 hours. At least, that’s what a hacker who goes by the pseudonym Anarchy claims. The hacker has created a botnet that compromised over 18,000 Huawei routers within 24 hours.

The attacker built the botnet by using an old vulnerability that was spotted by researchers from NewSky Security last Christmas. Following the news, other security firms, including Rapid7 and Qihoo 360 Netlab, have also confirmed the existence of the new threat. The firms saw a huge recent uptick in Huawei device scanning, which was due to scans seeking devices vulnerable to CVE-2017-17215, a critical security flaw in Huawei HG532 devices that can be exploited through port 37215.
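For defenders who want to check their own perimeter logs for the scanning uptick described above, the following is an added example and not code from the article or the firms it cites. The simplified netfilter-style log format, the IP addresses, the timestamps and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

HUAWEI_PORT = 37215  # port the article names for CVE-2017-17215

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = """\
2018-07-18T08:14:09 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=37215 SYN
2018-07-18T09:31:40 gw kernel: IN=eth0 SRC=192.0.2.55 DST=203.0.113.11 PROTO=TCP SPT=51200 DPT=37215 SYN
2018-07-18T10:00:03 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40113 DPT=37215 SYN
2018-07-18T10:00:04 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.11 PROTO=TCP SPT=40114 DPT=37215 SYN
2018-07-18T10:00:05 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.12 PROTO=TCP SPT=40115 DPT=37215 SYN
2018-07-18T10:00:06 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.13 PROTO=TCP SPT=40116 DPT=37215 SYN
2018-07-18T10:12:30 gw kernel: IN=eth0 SRC=192.0.2.55 DST=203.0.113.11 PROTO=TCP SPT=51201 DPT=37215 SYN
2018-07-18T10:15:00 gw kernel: IN=eth0 SRC=192.0.2.55 DST=203.0.113.10 PROTO=TCP SPT=51300 DPT=443 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)

def scan_report(log_text, port=HUAWEI_PORT, min_targets=3, spike_factor=3.0):
    """Return (scanners, spike_hours) for inbound TCP attempts to `port`.

    scanners:    {source IP: distinct hosts probed}, kept if >= min_targets
    spike_hours: hours whose attempt count is >= spike_factor x the median hour
    """
    targets = defaultdict(set)  # source IP -> distinct destinations probed
    hourly = defaultdict(int)   # hour bucket -> attempts on the port
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["dpt"]) != port:
            continue  # unparseable line or traffic to another port
        targets[m["src"]].add(m["dst"])
        hour = datetime.fromisoformat(m["ts"]).replace(minute=0, second=0)
        hourly[hour] += 1
    scanners = {s: len(d) for s, d in targets.items() if len(d) >= min_targets}
    counts = sorted(hourly.values())
    median = counts[len(counts) // 2] if counts else 0
    spikes = sorted(h.isoformat() for h, c in hourly.items()
                    if median and c >= spike_factor * median)
    return scanners, spikes

if __name__ == "__main__":
    print(scan_report(SAMPLE_LOG))
```

A source that probes the port on several distinct hosts is reported as a scanner, and an hour with far more attempts than the median hour is reported as a spike.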

The motives of Anarchy are not yet clear. However, he has reached out to NewSky Security researcher Ankit Anubhav saying he wants “to make the biggest baddest botnet in town”. He is probably referring to a distributed denial-of-service (DDoS) attack here. The hacker also revealed an IP list of victims to Anubhav, which has not been made public for obvious reasons.

What’s surprising here is that the CVE-2017-17215 vulnerability has previously been weaponized in two distinct IoT botnet attacks, namely Satori and Brickerbot. The working exploit code to compromise Huawei routers using this flaw was released to the public in January this year. “It’s painfully hilarious how attackers can construct big bot armies with known vulns,” Anubhav added.

Anubhav suspects that Anarchy may actually be the well-known threat actor Wicked, who has been linked with the creation of the Owari/Sora botnets before.

Botnets can be used to perform a DDoS attack, sending malicious packets of data to a device, and to remotely execute code. The LizardStresser botnet, for example, was able to launch 400 Gbps attacks on vulnerable IoT devices.

The story, however, may not be over. Anarchy/Wicked intends to enslave more devices by starting a scan for the Realtek router vulnerability CVE-2014-8361.
