IoT Devices in a Password Spraying Botnet

Microsoft is warning Azure cloud users that a Chinese-controlled botnet is engaged in “highly evasive” password spraying. I’m not sure about the “highly evasive” part; the techniques are basically what you get in a distributed password-guessing attack:

“Any threat actor using the CovertNetwork-1658 infrastructure could conduct password spraying campaigns at a larger scale and greatly increase the likelihood of successful credential compromise and initial access to multiple organizations in a short amount of time,” Microsoft officials wrote. “This scale, combined with quick operational turnover of compromised credentials between CovertNetwork-1658 and Chinese threat actors, allows for the potential of account compromises across multiple sectors and geographic areas.”

Some of the characteristics that make the activity difficult to detect:

  • Use of compromised SOHO IP addresses
  • Use of a rotating set of IP addresses at any given time. The threat actors had thousands of available IP addresses at their disposal. The average uptime of a CovertNetwork-1658 node is approximately 90 days.
  • A low-volume password spray process; for example, monitoring for multiple failed sign-in attempts from one IP address or against one account will not detect this activity.
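
The third point is the one that matters for defenders: a per-IP or per-account failure threshold never fires when each node tries one password against one account and then rotates. The rule that does catch it looks across sources instead, counting how many distinct accounts each see a single failed sign-in inside one time window, and from how many distinct addresses. The following is an added illustration, not code from Microsoft or from this post: a constructed sign-in log (the addresses are documentation ranges, the accounts fictitious) run through both a classic per-source threshold and a spray-shaped sliding-window rule. Function names, thresholds and the log format are assumptions for the example.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real telemetry). One record per line:
#   <ISO-8601 UTC timestamp> <source_ip> <account> <FAIL|OK>
# Twelve accounts each receive exactly one failed attempt, every attempt from
# a different address, spread over under an hour. One legitimate user (dave)
# mistypes twice from his own address and then signs in successfully.
SAMPLE_LOG = """\
2024-11-05T09:00:05Z 198.51.100.17 alice@example.com FAIL
2024-11-05T09:04:11Z 203.0.113.42 bob@example.com FAIL
2024-11-05T09:09:47Z 192.0.2.88 carol@example.com FAIL
2024-11-05T09:13:02Z 198.51.100.201 erin@example.com FAIL
2024-11-05T09:18:36Z 203.0.113.9 frank@example.com FAIL
2024-11-05T09:22:19Z 192.0.2.150 grace@example.com FAIL
2024-11-05T09:27:55Z 198.51.100.63 heidi@example.com FAIL
2024-11-05T09:30:02Z 192.0.2.10 dave@example.com FAIL
2024-11-05T09:31:10Z 192.0.2.10 dave@example.com FAIL
2024-11-05T09:32:21Z 192.0.2.10 dave@example.com OK
2024-11-05T09:33:40Z 203.0.113.117 ivan@example.com FAIL
2024-11-05T09:38:08Z 192.0.2.233 judy@example.com FAIL
2024-11-05T09:42:51Z 198.51.100.140 mallory@example.com FAIL
2024-11-05T09:47:13Z 203.0.113.250 oscar@example.com FAIL
2024-11-05T09:52:29Z 192.0.2.57 peggy@example.com FAIL
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, ip, account, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result == "OK"))
    return events


def per_source_threshold_alerts(events, max_failures=5):
    """The classic rule: alert on any single IP or account exceeding max_failures failed sign-ins.
    Against a one-try-per-node spray this returns nothing."""
    by_ip, by_account = Counter(), Counter()
    for _, ip, account, ok in events:
        if not ok:
            by_ip[ip] += 1
            by_account[account] += 1
    return {
        "ips": sorted(ip for ip, n in by_ip.items() if n > max_failures),
        "accounts": sorted(a for a, n in by_account.items() if n > max_failures),
    }


def detect_spray(events, window=timedelta(hours=1), min_accounts=10, max_per_account=1):
    """Spray-shaped rule: within a sliding window, many distinct accounts that each fail
    only max_per_account times, from many distinct sources. Accounts failing more often
    (fat-fingered users, classic brute force) are excluded so they do not mask the shape.
    Returns the window with the most sprayed accounts, or None if none reaches min_accounts."""
    failures = sorted((ts, ip, account) for ts, ip, account, ok in events if not ok)
    best, start = None, 0
    for end in range(len(failures)):
        while failures[end][0] - failures[start][0] > window:
            start += 1
        win = failures[start:end + 1]
        per_account = Counter(account for _, _, account in win)
        sprayed = {a for a, n in per_account.items() if n <= max_per_account}
        if len(sprayed) < min_accounts:
            continue
        ips = {ip for _, ip, account in win if account in sprayed}
        candidate = {
            "window_start": win[0][0],
            "window_end": win[-1][0],
            "distinct_accounts": len(sprayed),
            "distinct_ips": len(ips),
            "accounts": sorted(sprayed),
        }
        if best is None or candidate["distinct_accounts"] > best["distinct_accounts"]:
            best = candidate
    return best


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("per-source threshold:", per_source_threshold_alerts(events))
    print("spray detector:", detect_spray(events))
```

On the constructed log the per-source rule reports no IP and no account, while the spray rule returns a window covering twelve accounts hit from twelve different addresses with dave excluded. The ratio of distinct IPs to failed attempts is the tell for a rotating pool: a single attacker retrying from one box drives it toward zero, a botnet like the one described drives it toward one. In a real tenant the window, the account count and the per-account cap are tuning knobs against the baseline rate of ordinary typos.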

Posted November 6, 2024 at 7:02 AM