Wednesday, May 14, 2025
HomeDDOSMirai Based Botnet Moobot Exploit Hikvision Vulnerability

Mirai Based Botnet Moobot Exploit Hikvision Vulnerability

Published on

SIEM as a Service

Follow Us on Google News

Fortinet has recently discovered a malware called Moobot, which was widely distributed through a security vulnerability in a number of Hikvision surveillance or security cameras. Moobot is a variant of the well-known botnet malware Mirai. 

When a victim device is infected, it turns the device into a member of its botnet army, accepts instructions from the threat actors, and launches Distributed Denial of Service (DDoS) attacks against specific targets.

Infection Process

Moobot exploited a vulnerability CVE-2021-36260 in the webserver of Hikvision’s various surveillance cameras to invade. 

- Advertisement - Google News

A specially crafted message of malicious commands sent to Hikvision devices with this vulnerability, that can yield this vulnerability and inject malicious code for infection.

According to the Fortinet report, The method of attacking Hikvision products is very simple, and it does not even need to pass any login verification procedures, as long as a special attack message is sent to the target device to succeed.

After Moobot got infected, it modify some common commands, such as the “reboot” command used to restart the device, so that the administrator cannot restart the hacked device.

Apart from this, the Moobot features several common elements of Satori, it’s also a variant of Mirai botnet, and in the summer of 2020, the author of Satori got arrested.

Here are the similarities of Moobot with Satori:-

  • Using a separate downloader.
  • The forking of the “/usr/sbin*” process.
  • Overwriting the legitimate “macHelper” file with the Moobot executable.

Floods used

Incorporating the compromised device into a DDoS swarm is the primary goal of Moobot, and in this proceeding to attack the C2 sends several floods with the target IP address and port number.

Here are the floods used by Moobot:-

  • UDP flood
  • ACK flood
  • ACK+PUSH flood
  • SYN flood

However, the vulnerability CVE-2021-36260 has been already fixed in the new version of Hikvision’s firmware launched in September 2021.

But, here, most IoT product owners will hardly update the product, in short, there are still a large number of unpatched products that will be there on the market, which will make it a perfect target for hackers.

While the experts recommended users frequently check whether the products they own have the security updates available or not. Also make sure that the products are updated with the latest version, to avoid becoming the targets of attackers and tools utilized by the hackers to launch attacks.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day

Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across...

Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities – Patch Now

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across...

Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products,...

Ransomware Attacks Surge by 123% Amid Evolving Tactics and Strategies

The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Threat Actors Leverage DDoS Attacks as Smokescreens for Data Theft

Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded...

Europol Dismantles DDoS-for-Hire Network and Arrests Four Administrators

Significant blow to cybercriminal infrastructure, Europol has coordinated an international operation resulting in the...

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...