Actu
NETSCOUT observes two distinct MikroTik-based IoT botnets involved in recent DDoS attacks
October 2021 by NETSCOUT
In June 2021, a new botnet comprising unpatched MikroTik routers emerged. Dubbed M?ris by threat researchers at NETSCOUT, this IOT botnet launched numerous application-layer HTTP and HTTP/S DDoS attacks against multiple targets worldwide, including Krebs On Security and Yandex. According to NETSCOUT’s findings:
There are an estimated 250,000 unpatched MikroTik routers worldwide which can potentially be compromised and incorporated into DDoS-capable botnets like M?ris
There are at least two DDoS-capable IoT botnets, M?ris and Dvinis, inhabiting the same population of unpatched, exploitable MikroTik routers
Since August 2021, NETSCOUT observed multiple HTTP and HTTP/S application-layer DDoS attacks launched by M?ris and Dvinis, and assisted network operators in successfully mitigating these attacks
Both botnets are actively attempting propagation to expand and, to date, NETSCOUT is tracking approximately 4,800 M?ris and 3,500 Dvinis botted nodes
