Satori creator linked with new Mirai variant Masuta
January 26, 2018
Seid Yassin

Nexus Zeta is behind a botnet that weaponises a router exploit to enlist further vulnerable IoT devices. The author of the Satori botnet may also be behind two new Mirai variants called Masuta and PureMasuta.

According to a blog post by researchers at NewSky Security, the hacker, who goes by the name Nexus Zeta, has created a new version that weaponises a router exploit, enabling the botnet to assimilate vulnerable IoT devices and multiply.

Researchers managed to acquire the source code of the Masuta (Japanese for “master”) botnet in an invite-only dark forum. Further investigation uncovered a link between Satori and Masuta.

Last month, researchers identified the hacker, Nexus Zeta, exploiting a zero-day flaw in Huawei routers to accelerate Satori attacks.

“The WHOIS information for the URL also states contact as nexuszeta1337@gmail(.)com, indicating that Nexus Zeta is not a one hit wonder creator of Satori, but also has been involved in the creation of the Masuta botnet,” said Ankit Anubhav, principal researcher at NewSky Security. He added that the Masuta attacks have been on the rise since September, as honeypots observed 2400 IPs involved in the botnet in the last three months.

Researchers said that the second variant, called PureMasuta, stands out for its use of the EDB 38722 D-Link exploit.
