Monday, June 17, 2024

HNS IoT Botnet Compromised More than 14k Devices that Spreads from Asia to the United States

A new IoT Botnet dubbed HNS is growing phenomenally and spreads from Asia to the United States.The HNS IoT Botnet features a worm-like mechanism and embeds numerous commands such as data exfiltration, code execution and interference with a device’s operation.

The Bot was uncovered by Bitdefender Security researchers, they first spotted the bot by Jan. 10 and then it faded up and comes back significantly in more improved form by Jan. 20.

It utilizes the same exploit(CVE-2016-10401) as Reaper done and other vulnerabilities in the networking components.

The bot growing enormously and geographically distributed, initially it started as 12-device network and now it counts more than 14k.

HNS IoT Botnet
Source:’ Bitdefender
Much like anything nowadays, even IoT can go under attack by the individuals who know how to tackle its potential for malice. So it perhaps didn’t come as any big surprise that back in October 2016, Mirai (Japanese for “the future”), a malware surfaced attacking IoT devices such as IP cameras and home routers turning them into “bots”.

HNS IoT Botnet Operation

HNS bot has a worm-like spreading mechanism and randomly generates victim IP list. Later it initiates SYN connection to host and established communication if it get’s response from destination ports (23 2323, 80, 8080).

Researchers said "Once the connection has been established, the bot looks
for a specific banner (“buildroot login:”) presented by the victim. If it
gets this login banner, it attempts to log in with a set of predefined
credentials. If that fails, the botnet attempts a dictionary attack using
a hardcoded list".

Once the Bot has a new victim it identifies the target victim and select attack method suitable for the device.If the victims are through LAN and not over the Internet it setup TFTP server to download the malware and if the victim over the Internet it attempts a remote code delivery.

All the attack techniques are preconfigured and the bot decides attack vector based on the victim.It also has a custom-built p2p communication mechanism. Bitdefender published a technical report with communication mechanism and supported commands.

Mitigations – HNS IoT Botnet

The bot is not a persistent one, so a reboot could clean the device.



As with any new technology, IoT promises to be the future of the Internet, bringing better connectivity and ease of use of the devices we use, but these botnet attacks show, an equal amount of stress must be placed on security.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles