Vulnerability Management, IoT, Network Security, Threat Intelligence

Widespread AIRASHI botnet detailed in new report

January 23, 2025

Network of platforms with bots on top botnet cybersecurity conce

Threat actors exploit SimpleHelp RMM flaws for network access. (Adobe Stock Images)

Intrusions exploiting a Cambium Networks cnPilot router zero-day have been launched by threat actors to facilitate the distribution of the AIRASHI botnet, a variant of AISURU, for distributed denial-of-service attacks, primarily targeted at China, the U.S., Poland, and Russia, since June, according to The Hacker News.

Aside from the zero-day, threat actors behind AIRASHI also leveraged more than a dozen other security flaws impacting AVTECH IP cameras, Shenzhen TVT appliances, and other devices dating as far back as 2013, a report from QiAnXin XLab researchers showed. "The operator of AIRASHI has been posting their DDoS capability test results on Telegram. From historical data, it can be observed that the attack capacity of the AIRASHI botnet remains stable around 1-3 Tbps," said researchers, who noted the emergence of two different versions of the AIRASHI botnet, one of which features arbitrary command execution while the other allows proxy support. Such findings come after QiAnXin XLab researchers reported an attack with the cross-platform alphatronBot backdoor against Chinese organizations.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Learn More

SC Staff

A 3D-Illustration of the word Linux on metallic cubes

Vulnerability Management

Linux kernel flaw added to CISA’s exploited vulnerabilities list

Steve ZurierFebruary 6, 2025

Flaw could let attackers escalate privileges on popular Google Android and Pixel devices.

Vulnerability Management

CISA: Actively exploited Linux kernel flaw requires immediate remediation

SC StaffFebruary 6, 2025

Such a vulnerability — which stems from a USB Video Class driver out-of-bounds write issue that could be exploited for privilege escalation — may have been used by forensic data extraction tools, according to the GrapheneOS development team.

Penetration Testing

How to prepare for an effective web application penetration test

Outpost 24February 6, 2025

At a time when data breaches and cyberattacks dominate headlines, web application security is top on the minds of IT leaders. By performing regular web application pen tests, possible vulnerabilities can be uncovered and steps taken to fortify your defenses. In this post, we'll discuss the importance of preparing for a pen test, the items that should be on your pen test checklist, and how to foster close collaboration with your pen testing team.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Widespread AIRASHI botnet detailed in new report

An In-Depth Guide to Network Security

Related

Linux kernel flaw added to CISA’s exploited vulnerabilities list

CISA: Actively exploited Linux kernel flaw requires immediate remediation

How to prepare for an effective web application penetration test

Related Events

Balancing Act: Prioritizing Vulnerabilities and Misconfigurations in Vulnerability Management

CISO Perspectives to Improve/Optimize Vulnerability Management

Exposure management: How organizations can use it to build cyber resilience

Get daily email updates