article featured image


Mirai Botnet Threat appeared for the first time in 2016 and has continually posed a threat to IoT devices. McAfee has recently released a report that analyses the impact of this network. Mirai Botnet Threat and its various alternatives derived from it have laid hands on IoT devices and Linux systems, affecting, in the first part of 2021, 55% of the first ones and 38% of the latter.

What Is Mirai Botnet Threat?

Heimdal™ has a thorough analysis of the Mirai Botnet Threat, covering aspects such as origins and working method in an article from April.

Firstly, a botnet is a way a hacker acts on various computers, more compromised computers being connected to the same network and being determined to perform the same cyberattacks such as denial-of-service distribution or phishing campaigns. The threat actor can control all of them remotely.

The Mirai Botnet Threat was described as the king of botnets that stands out precisely through the fact that its main targets are not only personal computers or networking add-ons, but IoT devices. It made havoc among cyberattacks in 2016, taking down OVH (the private cloud provider), Dyn DNS producer, and also Krebs on Security.

Mirai Botnet Threat: at the Speed of Light

Mirai Botnet and its several variants spread like fire. Fortinet researchers, who have been tracking IoT botnets’ activities for a while, have made some new discoveries. They realized that 4700 attacks in 3 weeks (mainly 200 per day) targeted a new honeypot system. Out of 4700, 4000 belonged to none other than Mirai Botnet’s variants like Ecchi, DNXFCOW, Kyton, Hajime, SYLVEON, SORA, OWARI, BOTNET, and CULT.

MANGA and Moobot: Other Two Versions of Mirai Botnet Threat

According to the same researchers, MANGA stands for another variant of Mirai that takes exploit vectors like those related to Cisco HyperFlex, or Tenda router vulnerabilities and updates them on its list.

Cyware also reports that other analysts discovered Moobot. Moobot came out from the depths of Cyberium, a new host for malicious domains. It looks for flaws that could lead to REC (Remote Control Execution) in Tenda routers and works through a hardcoded string that repeats itself throughout the code, thus the process name is brought about and utilized during the execution.

This vulnerability is not commonly used by web scanners and was barely detected by our honeypots during the last six months, except for a minor peak in November.


Mirai Botnet Threat is in its best shape and multiplies quickly. As a professional, be sure that your IoT devices are updated and patched in time! You can check out our article to find out how you can do it!

Hundreds of thousands of IoT devices use default settings, making them extremely vulnerable to infection, therefore once infected, the device will monitor the command and control server which indicates the target of an attack.


Author Profile

Andra Andrioaie

Security Enthusiast

linkedin icon

Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!

Leave a Reply

Your email address will not be published. Required fields are marked *