The newly emerged Go language-based botnet, HinataBot, has joined the cybercriminal landscape that exploits previously undocumented vulnerabilities. This new malicious entity appeared in January in HTTP and SSH honeypots, abusing old vulnerabilities and unsecured credentials.
The botnet exploits the arbitrary code execution flaws in Huawei HG532 routers (CVE-2017-17215) and the miniigd SOAP service in the Realtek SDK (CVE-2014-8361) to spread infection. In addition, the botnet operators have also abused exposed Hadoop YARN servers with weak credentials to initiate attacks.
Researchers explained that HinataBot could use protocols like UDP, TCP, ICMP, and HTTP to send traffic during distributed denial-of-service attacks. However, some researchers believe that botnet developers have limited the protocols to HTTP and UDP for their attacks.
The new HinataBot botnet drew inspiration from Mirai.
According to an investigation, the threat actors operating HinataBot had allegedly been spreading Mirai binaries before starting to create their own operation last January. Researchers also claimed that the new botnet is just a Golang version of the Mirai botnet since it follows some processes and attack methods used by the Mirai campaign.
An analyst pointed out that HinataBot sets up its communication the same way as Mirai. Additionally, the group parses its commands when conducting an attack. As of now, researchers have yet to confirm the scope of HinataBot's attacks since it is still in the development stage.
Cybercriminals have been shifting to more Golang-based botnets because of the language's performance, multi-threading, and cross-compilation support. In a similar incident, the GoBruteforcer campaign has been scanning and infecting popular web servers that run MySQL, FTP, phpMyAdmin, and Postgres services.
The HinataBot botnet is the newest addition to the growing list of Go language-based threats. Threat actors have been focused on improving the evasion features of these botnets by modelling their threats on older entities, such as Mirai.
Organisations should ensure that the firmware of their affected products is up to date. This new botnet is still under development, and numerous researchers have been keeping tabs on it.
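Alongside patching, sensor or honeypot request logs can be searched for the three entry points named above. The Python script below is an added example, not code from the researchers or from this article. The log layout and sample lines are constructed, and the request paths and default ports are taken from public advisories for these issues rather than from the article.

```python
import re
from collections import defaultdict

# Request paths and default ports as given in public advisories for the three
# entry points the article names (not taken from the article itself).
SIGNATURES = [
    ("CVE-2017-17215 Huawei HG532", 37215, re.compile(r"/ctrlt/DeviceUpgrade_1")),
    ("CVE-2014-8361 Realtek miniigd", 52869, re.compile(r"/(picsdesc|wanipcn)\.xml")),
    ("Hadoop YARN app submission", 8088, re.compile(r"/ws/v1/cluster/apps(/new-application)?")),
]
# Assumed sensor log layout: "<timestamp> <src_ip> <dst_port> <method> <path>"
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{1,5})\s+([A-Z]+)\s+(\S+)$")

def classify(port, method, path):
    """Return (label, confidence) for a request that matches, else None."""
    if method != "POST":  # all three entry points are reached with POST requests
        return None
    path = path.split("?", 1)[0].rstrip("/")  # ignore query string, trailing slash
    for label, default_port, pattern in SIGNATURES:
        if pattern.fullmatch(path):
            # A hit on the service's default port is the stronger signal.
            return label, ("high" if port == default_port else "medium")
    return None

def triage(lines):
    """Group matches by source address; count lines that do not parse."""
    hits, skipped = defaultdict(set), 0
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            skipped += 1
            continue
        _ts, src, port, method, path = m.groups()
        verdict = classify(int(port), method, path)
        if verdict:
            hits[src].add(verdict)
    return dict(hits), skipped

# Constructed sample lines (documentation address ranges), not real telemetry.
SAMPLE = [
    "2023-01-11T03:14:07Z 203.0.113.5 37215 POST /ctrlt/DeviceUpgrade_1",
    "2023-01-11T03:14:09Z 203.0.113.5 52869 POST /picsdesc.xml",
    "2023-01-11T03:20:41Z 198.51.100.23 8088 POST /ws/v1/cluster/apps/new-application",
    "2023-01-11T03:21:02Z 198.51.100.23 80 POST /ctrlt/DeviceUpgrade_1?x=1",
    "2023-01-11T03:25:00Z 192.0.2.77 8088 GET /ws/v1/cluster/apps",
    "truncated line",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A source address that matches more than one signature, as the first sample address does, is more likely an automated scanner than a misconfigured client. Legitimate job submissions to a YARN ResourceManager use the same paths, so those matches need to be checked against known clients.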