Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

New Botnet Loader-as-a-Service Exploiting Routers

A new botnet loader-as-a-service (LaaS) has emerged, targeting routers to exploit vulnerabilities and expand its reach. This innovative threat leverages compromised routers to deploy malicious payloads, facilitating large-scale cyberattacks. The service model allows cybercriminals to rent the botnet infrastructure, lowering the barrier to entry for launching sophisticated attacks. Key vulnerabilities exploited include those in router firmware and network protocols, enabling unauthorized access and control. The botnet's modular design supports various malware payloads, enhancing its versatility and threat potential. This development underscores the increasing risk posed by IoT and network devices as attack vectors. Organizations and individuals are urged to update router firmware promptly, implement strong authentication measures, and monitor network traffic for anomalies. Cybersecurity professionals should prioritize detection and mitigation strategies against LaaS threats to protect critical infrastructure and personal networks. The rise of botnet LaaS exploiting routers marks a significant evolution in cybercrime tactics, demanding heightened vigilance and proactive defense mechanisms across the cybersecurity landscape.

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 27 Sep 2025 10:00:21 +0000

Cyber News related to New Botnet Loader-as-a-Service Exploiting Routers

Unit 42 Collaborative Research With Ukraine's Cyber Agency To Uncover the Smoke Loader Backdoor - This collaborative research focuses on recent Smoke Loader malware activity observed throughout Ukraine from May to November 2023 from a group the CERT-UA designates as UAC-0006. The SCPC SSSCIP has identified Smoke Loader as a prominent type of ...
1 year ago Unit42.paloaltonetworks.com

Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon

Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
1 year ago Bleepingcomputer.com Volt Typhoon

Malware botnet bricked 600,000 routers in mysterious 2023 event - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
1 year ago Bleepingcomputer.com

Malware botnet bricked 600,000 routers in mysterious 2023 attack - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
1 year ago Bleepingcomputer.com

New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
1 year ago Bleepingcomputer.com

FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
1 year ago Bleepingcomputer.com Fancy Bear APT28 Turla Volt Typhoon

US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon - The US government on Wednesday announced a major takedown of a botnet full of end-of-life Cisco and Netgear routers after researchers warned it was being used by Chinese state-backed hackers as a covert communications channel. The disruption comes ...
1 year ago Securityweek.com Volt Typhoon

New Vo1d botnet variant infects 1.6 million Android TVs worldwide - A new variant of the Vo1d malware botnet has infected 1,590,299 Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. The Vo1d botnet is a multi-purpose cybercrime tool that turns compromised devices ...
7 months ago Bleepingcomputer.com

Feds go Fancy Bear hunting, take down Russia's GRU botnet The Register - The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Moobot ...
1 year ago Go.theregister.com Fancy Bear Volt Typhoon

Vo1d malware botnet grows to 1.6 million Android TVs worldwide - A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. The Vo1d botnet is a multi-purpose cybercrime tool that turns compromised ...
7 months ago Bleepingcomputer.com

Previously unidentified botnet infects unpatched TP-Link Archer home routers | The Record from Recorded Future News - Cato Networks found some evidence that the threat actor involved deploys tools to potentially steal data from infected networks.The IP address tied to the threat actor is no longer responding, the researchers said, adding that they have found a new ...
6 months ago Therecord.media CVE-2023-1389

Aisuru Botnet With 300,000 Hijacked Routers - The Aisuru botnet has emerged as a significant threat in the cybersecurity landscape, leveraging an astonishing network of over 300,000 hijacked routers worldwide. This botnet primarily targets vulnerable routers to create a massive distributed ...
2 weeks ago Cybersecuritynews.com

"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested - A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. 35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is ...
1 year ago Tripwire.com

Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
1 year ago Packetstormsecurity.com

Botnet Struck U.S. Routers; Here's How to Keep Employees Safe - State-sponsored hackers affiliated with China have targeted small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced on Wednesday, Jan. 31. Most of the affected ...
1 year ago Techrepublic.com Volt Typhoon

New Botnet Loader-as-a-Service Exploiting Routers - A new botnet loader-as-a-service (LaaS) has emerged, targeting routers to exploit vulnerabilities and expand its reach. This innovative threat leverages compromised routers to deploy malicious payloads, facilitating large-scale cyberattacks. The ...
6 days ago Cybersecuritynews.com CVE-2023-28252 CVE-2023-28253 Lazarus Group

Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities - Researchers have discovered an Internet of Things botnet linked with attacks against multiple US government and communications organizations. It comes built with a series of stealth mechanisms and the ability to spread further into local area ...
1 year ago Darkreading.com Volt Typhoon

QNAP VioStor NVR vulnerability actively exploited by malware botnet - A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution vulnerability in QNAP VioStor NVR devices to hijack and make them part of its DDoS swarm. The botnet was discovered by Akamai's Security Intelligence Response Team in ...
1 year ago Bleepingcomputer.com CVE-2023-49897 CVE-2023-47565

Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Malware hunters in the United States have set eyes on an impossible to kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting ...
1 year ago Securityweek.com Volt Typhoon Hunters

DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
11 months ago Darkreading.com CVE-2024-41592 CVE-2024-41585 CVE-2021-20123 CVE-2021-20124

Stealthier version of P2Pinfect malware targets MIPS devices - The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS processors, such as routers and IoT devices. Due to their efficiency and compact design, MIPS chips are prevalent in embedded systems like routers, ...
1 year ago Bleepingcomputer.com CVE-2022-0543

"Sierra:21" vulnerabilities impact critical infrastructure routers - A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws ...
1 year ago Bleepingcomputer.com

FBI: End-of-life routers hacked for cybercrime proxy networks - In a related bulletin, the agency confirms that many of these routers are infected with a variant of the "TheMoon" malware, which enables threat actors to configure them as proxies. The FBI warns that threat actors are deploying malware on ...
4 months ago Bleepingcomputer.com