Botnet

DDoS

Mozi

Mozi is a peer-to-peer (P2P) botnet that uses the DHT protocol. To spread, Mozi abused weak Telnet passwords and known vulnerabilities to compromise network devices, IoT devices, video recorders, and other Internet-connected products. The botnet can enslave devices to launch DDoS attacks and payloads, steal data and execute system commands.

Known Variants

The Mozi botnet is evolving with new functionality and targets IoT devices.

Mitigation Strategies

Secure IoT devices by disabling default credentials and enforcing strong, unique passwords. Apply the latest firmware updates to minimize vulnerabilities. Segment the network to isolate IoT devices from critical systems. Regularly monitor traffic for unusual patterns that might indicate botnet activity.

Targeted Industries or Sectors

Primarily impacts IoT-heavy sectors such as manufacturing, logistics, and smart city infrastructure.

Associated Threat Actors

While the operators of Mozi remain unidentified, it has been utilized in campaigns by cybercriminals focusing on distributed denial-of-service (DDoS) attacks.
