- A new botnet called Eleven11bot was spotted in the wild
- It leverages weak and default credentials to compromise IoT devices
- The botnet is operated by Iranian threat actors
Cybersecurity researchers say they have uncovered the “biggest non-government botnet” in recent years.
It is called Eleven11bot, and its malware was found on more than 86,000 Internet of Things (IoT) devices, according to multiple research teams, including Nokia, GreyNoise, and The Shadowserver Foundation.
The botnet is most likely operated by an Iranian threat actor, GreyNoise reported. It found some 1,400 IPs operating the botnet, the majority of which are based in the Middle Eastern country. The threat actors seem to be hunting for IoT devices with factory or weak credentials, and actively scanning for exposed Telnet and SSH ports, with compromised devices including webcams, Network Video Recorders (NVR), and similar.
Exceptional size
At the same time, The Shadowserver Foundation analyzed the spread of the malware, and found that the majority of compromised endpoints are located in the United States, United Kingdom, Mexico, Canada, and Australia.
Botnets are most commonly used for Distributed Denial-of-Service (DDoS) attacks, where infected devices overwhelm a target server, causing disruptions.
They are also used for sending massive spam campaigns, distributing phishing emails or malware while avoiding detection. Cybercriminals leverage botnets for credential stuffing and brute-force attacks, trying to break into accounts using stolen credentials.
Another frequent use is click fraud, where infected machines generate fake ad clicks to inflate revenue. Botnets also enable cryptojacking, secretly mining cryptocurrency on victims’ devices, slowing them down and increasing electricity costs. Additionally, they are used for data theft and espionage, stealing login credentials, financial data, or trade secrets.
Via BleepingComputer
