Leaked Plans Reveal Mirai-Like Russian IoT Botnet
March 24, 2020 Share

Leaked Plans Reveal Mirai-Like Russian IoT Botnet

A hacking group has released details of a Russian intelligence project to build a Mirai-like IoT botnet.

Digital Revolution is well known for hacking organizations that do business with the Federal Security Service (FSB). Last week it published technical documents detailing a project known as “Fronton.”

It proposes a scheme to compromise unsecured smart devices by cracking their factory default passwords. The resulting zombie devices would be formed into a botnet and used to launch DDoS attacks on FSB targets.

Originally created in 2017-18, the 12 documents list the Fronton, Fronton-3D and Fronton 18 projects.

They appear to be the work of Moscow-based FSB contractor, 0Day, which Digital Revolution claimed to have hacked back in April 2019.

It may have been commissioned to do so by a main contractor known as InformInvestGroup CJSC by order of military unit No. 64829, aka the FSB Information Security Center, according to BBC Russia.

The leaked documents specify that the botnet be 95% compromised of IP cameras and digital video recorders, making it even more similar to Mirai, which caused major disruption to popular websites back in 2016 after launching a powerful DDoS attack at DNS provider Dyn.

The FSB’s IoT botnet was designed to be controlled by a C&C-based administrative tool obfuscated by VPNs and proxy servers.

Last July, Digital Revolution revealed more details of secret FSB projects after a major Russian defense contractor, SyTech, was breached.

One project, Nautilus-S, described an attempted de-anonymization of the Tor network, which began back in 2012.

Another was linked to an effort to harvest information on Russian social media users, whilst two more projects, dubbed Hope and Tax-3, were related to attempts by the Putin administration to split the country’s internet infrastructure from the global web.

This post Leaked Plans Reveal Mirai-Like Russian IoT Botnet originally appeared on InfoSecurity Magazine.

Read More