Advertisement
A cybercriminal group calling itself Diicot is performing mass SSH brute-force scanning and deploying a variant of the Mirai IoT botnet on compromised devices, according to researchers. The group also deploys a cryptocurrency mining payload on servers with CPUs that have more than four cores.
“Although Diicot have traditionally been associated with cryptojacking campaigns, Cado Labs discovered evidence of the group deploying an off-the-shelf Mirai-based botnet agent, named Cayosin,” researchers from Cado Security said in an analysis of the group’s recent and ongoing attack campaign. “Deployment of this agent was targeted at routers running the Linux-based embedded devices operating system, OpenWrt.”