Mozi Botnet’s Mysterious Shutdown: Chinese Authorities or Botnet Operators at Play?
ESET researchers speculate that the recent shutdown of the Mozi botnet may have been a deliberate choice by its operators, possibly in response to pressure from Chinese authorities.
Mozi is an IoT botnet that first emerged in late 2019, borrowing code from Mirai variants and Gafgyt malware. In mid-2021, researchers estimated that it had infected over 1.5 million systems, with a significant portion located in China.
Notably, in August 2021, Microsoft reported that the botnet had been upgraded to target network gateways from manufacturers like Netgear, Huawei, and ZTE.
However, ESET researchers observed a sharp and unexplained drop in the botnet’s activity in August 2023. In September, ESET discovered the cause: a kill switch distributed to the Mozi bots that stripped them of their functionality while keeping them persistent on the infected devices.
Did #Mozi botnet just die? In August 2023, #ESETResearch observed an unexpected massive nosedive in activity of this notorious IoT threat. A month later, we discovered the cause: a kill switch distributed to its bots. 1/4 pic.twitter.com/eQrpkt3lGK
— ESET Research (@ESETresearch) November 1, 2023
This kill switch implemented several functions, including disabling system services, replacing the original Mozi file, executing router/device configuration commands, and establishing a foothold similar to the original Mozi file.
The kill switch binaries were signed with the correct private keys and strongly resemble Mozi’s original source code. This can mean one of two things: Mozi was taken down either by its creators or by Chinese law enforcement. 3/4 pic.twitter.com/qX8KiuZHit
— ESET Research (@ESETresearch) November 1, 2023
Despite the loss of functionality, the bots maintained persistence, indicating a deliberate and calculated takedown. ESET believes this takedown could have been executed by the creators of the Mozi botnet or Chinese law enforcement agencies, which may have compelled cooperation from the botnet creators.
The demise of Mozi, one of the most prolific IoT botnets, offers a unique insight into the world of cyberforensics and the complex dynamics of botnet creation, operation, and dismantling.
Source: securityaffairs.com