216.73.217.64

Inside Water Barghest's Rapid Exploit-to-Market Strategy for IoT Devices

· Published 18/11/2024 14:21 · Modified 18/11/2024 16:38

Export JSON

Essential information

Published
18/11/2024 14:21
Modified
18/11/2024 16:38
Tags
2024-11-18 botnet iot ngioweb proxy residential proxy marketplace vulnerability exploitation
Related entities
66 observables, 1 intrusion sets (apt), 10 techniques (mitre), 1 malware

Description

Water Barghest, a cybercriminal group, has developed a highly automated system for exploiting and monetizing devices. Their , comprising over 20,000 devices as of October 2024, uses automated scripts to identify and compromise vulnerable devices from public internet scan databases. Once compromised, the malware is deployed, running in memory and connecting to command-and-control servers. The entire process, from initial infection to listing the device on a , can take as little as 10 minutes. Water Barghest targets various devices from brands like Cisco, DrayTek, and Zyxel, using both n-day vulnerabilities and at least one zero-day exploit. Their sophisticated operation has allowed them to maintain a low profile while generating steady income through their cybercriminal activities.

External references