Wednesday, May 14, 2025
HomeBotnetNew Version of Echobot Botnet using 26 Powerful Exploits to Attack Oracle,...

New Version of Echobot Botnet using 26 Powerful Exploits to Attack Oracle, D-Link, Dell Apps

Published on

SIEM as a Service

Follow Us on Google News

New Mirai level Botnet Echobot using 26 different exploits for the infection vectors that leveraging the vulnerabilities in Oracle, D-Link, Dell, LINKSYS, REALTEK, Vmware applications and take control of it.

Since 2016, Mirai variant spreading via hundreds of campaigns, similarly researchers from Palo Alto recently uncovered the latest variant contains a total of 18 exploits, 8 of which are new to Mirai.

A researcher from Akamai discovered this updated Echobot variant binary in honeypot system where attackers using 26 different exploits to spread the botnet.

- Advertisement - Google News

Most of the exploits that were being used for this campaign leverages the command execution vulnerabilities that affected various network devices.

New campaign of Echobot adds the various new targets than the old version of following,

Some of the exploits found in this campaign are ten years old that targets the network devices and is believed to be never patched by the respective vendors.

Also, few vulnerabilities that are being exploited in wide has no CVE assigned, and the following table indicates the list of each exploit and assigned CVE.

A researcher from Akamai said, “What I found the most interesting, and not so surprising, is the inclusion of cross-application vulnerabilities. For example, rather than sticking to devices with embedded OSs like routers, cameras, and DVRs, IoT botnets are now using vulnerabilities in enterprise web (Oracle WebLogic) and networking software (VMware SD-WAN) to infect targets and propagate malware.”

Based on the binary comparison using strings, Echobot commonly shared attack code typically derived from the Mirai botnet, but the infection vector of the exploits are different.

There are two commands and control servers are uncovered under the domains akumaiotsolutions.pw and akuma.pw and the DNS data have shown that the records pointing to servers in Italy (80.211.224.232, 80.211.168.74) and the US (198.54.117.200).

Attackers not only rely on new vulnerabilities that target the IoT devices but also focusing on enterprise networks and new exploits they’ve added are older and have remained unpatched by the vendor.

“This is an interesting tactic as these systems if found have remained vulnerable for years and will probably remain vulnerable for many more. Also, there are not just new exploitation vectors to examine but attack vectors as well.” Researcher said.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep yourself updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware

A recent discovery by FortiGuard Labs has unveiled a cunning phishing campaign orchestrated by...

TA406 Hackers Target Government Entities to Steal Login Credentials

The North Korean state-sponsored threat actor TA406, also tracked as Opal Sleet and Konni,...

Google Threat Intelligence Releases Actionable Threat Hunting Technique for Malicious .desktop Files

Google Threat Intelligence has unveiled a series of sophisticated threat hunting techniques to detect...

New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution

Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

New HTTPBot Botnet Rapidly Expands to Target Windows Machines

The HTTPBot Botnet, a novel Trojan developed in the Go programming language, has seen...

20-Year-Old Proxy Botnet Network Dismantled After Exploiting 1,000 Unpatched Devices Each Week

A 20-year-old criminal proxy network has been disrupted through a joint operation involving Lumen’s...

Mirai Botnet Actively Targeting GeoVision IoT Devices for Command Injection Exploits

The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of command...