SORA Botnet
The SORA Botnet is a project that was first uncovered at the beginning of February 2020. This campaign is based on the leaked source code of the Mirai Botnet, and it is an unknown cybercriminal's attempt to create a botnet operation that could be used to execute cryptocurrency mining tasks or Distributed-Denial-of-Service (DDoS) attacks. Often, the criminals behind projects like the SORA Botnet do not have any intention to use the attacks against specific targets – instead, they plan to offer DDoS-for-hire services to like-minded cybercriminals.
The SORA Botnet was found to rely on vulnerabilities that were at least a few years old: CVE-2017-17215 and CVE-2018-10564. The botnet operation also tried to compromise vulnerable devices through brute-force attacks, which try popular username and password pairs. The devices that the SORA Botnet wants to enslave are primarily Internet-of-Things (IoT) devices such as routers, smart surveillance cameras and more. It appeared that the SORA Botnet's operators had a particular interest in Huawei and GPON routers running outdated firmware.
Mirai's core features remain unchanged, but cybercriminals abusing this project may continue to add features, infection vectors, and other minor changes, which make the attacks a bit more sophisticated. To protect your IoT devices from the SORA Botnet in particular, you should consider:
- Password-protecting the management interface of all IoT devices.
- Tightening the security policies of said devices and disabling non-essential networking features.
- Applying regular updates and patches aiming to mitigate security vulnerabilities.
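The brute-force logins described above leave a recognizable trail in the authentication log of a device or gateway: one source failing many logins across several usernames in a short time. The following Python example is added here and is not part of the original article; the log format, the thresholds and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) log format, sorted by time:
#   <ISO time> <service>[pid]: login failed user=<name> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>\w+)(?:\[\d+\])?: login failed "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
2020-02-10T03:14:01Z telnetd[212]: login failed user=root src=203.0.113.7
2020-02-10T03:14:03Z telnetd[212]: login failed user=admin src=203.0.113.7
2020-02-10T03:14:05Z telnetd[212]: login failed user=support src=203.0.113.7
2020-02-10T03:14:06Z telnetd[212]: login failed user=root src=203.0.113.7
2020-02-10T03:14:08Z telnetd[212]: login failed user=user src=203.0.113.7
2020-02-10T03:14:09Z telnetd[212]: login failed user=guest src=203.0.113.7
2020-02-10T09:30:00Z sshd[440]: login failed user=alice src=192.0.2.15
2020-02-10T09:30:20Z sshd[440]: login failed user=alice src=192.0.2.15
2020-02-10T09:31:05Z sshd[440]: login ok user=alice src=192.0.2.15
""".splitlines()

def find_bruteforce_sources(lines, window_s=60, min_failures=5, min_users=3):
    """Return {src: (failures, distinct_users)} for every source that, inside
    one window_s-second window, failed >= min_failures logins spread over
    >= min_users usernames (a credential list being tried)."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)          # src -> (timestamp, user) events
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                     # not a failed login: ignore
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[m["src"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:     # expire events outside the window
            q.popleft()
        users = {u for _, u in q}
        if len(q) >= min_failures and len(users) >= min_users:
            # keep the largest burst seen for this source
            flagged[m["src"]] = max(flagged.get(m["src"], (0, 0)),
                                    (len(q), len(users)))
    return flagged

if __name__ == "__main__":
    for src, (fails, users) in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{src}: {fails} failed logins, {users} usernames within 60s")
```

Requiring several distinct usernames keeps a single user who mistypes a password repeatedly from being flagged.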