Mozi Botnet

Malware Profile Updated 3 months ago
The Mozi botnet was a malware family active on the internet from 2019 to 2023. During that period it grew into the largest botnet in existence, incorporating over 1.5 million unique devices into its network. It spread primarily by exploiting known vulnerabilities in NETGEAR DGN devices and JAWS web servers, infiltrating systems often without the owner's knowledge. Once inside, it could disrupt operations, steal personal information, or even hold data for ransom.

In August 2023 the botnet's activity dropped sharply and unexpectedly. Mozi had become infamous for exploiting vulnerabilities in hundreds of thousands of IoT devices each year, but its reign came to an abrupt halt when a kill switch was activated, deliberately shutting the botnet down. This development was first reported on Security Boulevard, a leading source of cybersecurity news and analysis.

The sudden shutdown raised the question of who had activated the kill switch. Speculation pointed to either Chinese authorities or the criminal operators themselves. Whoever was responsible, the deactivation of the Mozi botnet marked a significant milestone in the ongoing battle against malicious cyber activity.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.

| ID | Votes | Profile Description |
|---|---|---|
| Mozi | 5 | Mozi is a type of malware, a malicious software designed to exploit and damage computer systems or devices. It can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once it gains access, Mozi has the potential to steal personal information, disrupt oper |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Exploit
Spyware
Bot
Malware
Securityweek
Android
Payload
Chinese
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lumma Stealer | Unspecified | 1 | Lumma Stealer is a malicious software (malware) that infiltrates systems primarily to steal personal information, disrupt operations, and exploit vulnerabilities. According to the ESET Threat Report H2 2023, Lumma Stealer gained significant traction in the second half of 2023, with its capabilities |
| Magecart | Unspecified | 1 | Magecart is a consortium of malicious hacker groups known for their attacks on online shopping cart systems, specifically the Magento system, with the intent to steal customer payment card information. This malware, short for malicious software, can infiltrate systems through suspicious downloads, e |
| Mirai Botnet | Unspecified | 1 | The Mirai botnet is a type of malware, malicious software designed to exploit and harm computer systems. It spreads by exploiting vulnerabilities in different systems, most notably through Ivanti Connect Secure bugs and the JAWS Webserver. Once inside a system, it can steal personal information, dis |
| Mirai | Unspecified | 1 | Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g |
| Kinsing | Unspecified | 1 | Kinsing is a type of malware, short for malicious software, that is designed to exploit and damage computer systems or devices. It typically infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt o |
Associated Threat Actors
No associations to display.
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2023-22518 | Unspecified | 1 | CVE-2023-22518 is a critical vulnerability that was discovered in all versions of Atlassian Confluence Data Center and Server products. Identified as an improper authorization flaw, it posed significant risks including potential data loss if exploited by an unauthenticated attacker. The vulnerabilit |
Source Document References
Information about the Mozi Botnet malware was read from the document corpus below. This display is limited to 20 results.
| Source | Created At | Title |
|---|---|---|
| Fortinet | a year ago | 2022 IoT Threat Review \| FortiGuard Labs |
| CERT-EU | a year ago | 50+ Botnet Statistics and Trends (2023) |
| CERT-EU | 9 months ago | This Week In Security: CVSS 4, OAuth, And ActiveMQ |
| CERT-EU | 9 months ago | Prolific Mozi Botnet Deliberately Shut Down with Kill Switch |
| DARKReading | 9 months ago | Somebody Just Killed the Mozi Botnet |
| CERT-EU | 9 months ago | Who killed Mozi? Finally putting the IoT zombie botnet in its grave |
| CERT-EU | 9 months ago | Mozi botnet murder mystery: Who is behind the kill switch? |
| InfoSecurity-magazine | 9 months ago | Mysterious Kill Switch Shuts Down Mozi IoT Botnet |
| CERT-EU | 9 months ago | Security researchers observed ‘deliberate’ takedown of notorious Mozi botnet |
| CERT-EU | 9 months ago | Mozi Botnet Likely Killed by Its Creators |
| CERT-EU | 7 months ago | 650,000+ Malicious Domains Registered Resembling ChatGPT \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| DARKReading | a year ago | Botnets Send Exploits Within Days to Weeks After Published PoC |
| Securityaffairs | 9 months ago | Who is behind the Mozi Botnet kill switch? |
| CERT-EU | 9 months ago | Mysterious Kill Switch Disrupts Mozi IoT Botnet Operations |
| ESET | 6 months ago | ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora |
| CERT-EU | 9 months ago | A new video series, Google Forms spam and the various gray areas of cyber attacks |
| ESET | 7 months ago | Delivering trust with DNS security |
| CERT-EU | 9 months ago | Critical Apache ActiveMQ bug exploited by ransomware crew |