Mozi Botnet

Malware updated a month ago (2024-11-29T14:03:37.660Z)
The Mozi botnet is notorious malware that was responsible for 74% of all Internet of Things (IoT) attacks in 2021. Although the arrest of its authors in summer 2021 led to an overall drop in IoT attacks in Q4 of that year, the malware continued to infect more connected devices. It saw significant growth from Q3 2021, with over 5 million detections in early 2022. Furthermore, research indicated that attackers were not only rapidly using exploit code but also quickly automating attacks by plugging into existing botnet infrastructure. Of the 19% of traffic attempting to exploit researchers' honeypots, 73% came from the Mozi botnet.

In a surprising turn of events, the Mozi botnet experienced a sudden decline in activity in August 2023. Security experts who first noticed the prolific network's slowdown subsequently discovered a de facto kill switch for the IoT system. This resulted in the Mozi botnet becoming a shell of its former self. Interestingly, the bot configured ZTE and Huawei devices to prevent their exploitation, similar to previous Mozi botnet actions reported by Microsoft.

Despite the demise of the Mozi botnet, significant developments have emerged in the Androxgh0st botnet, revealing its strategic expansion and integration with elements from the now-defunct Mozi botnet. At present, however, the Mozi botnet is essentially dead. An update to this persistent IoT malware was methodically pushed out starting in August, deploying first to India and then China, effectively putting the notorious botnet to rest.
Description last updated: 2024-11-07T19:01:59.791Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Description: Mozi is a possible alias for Mozi Botnet. Mozi, a malicious software (malware), has been a significant force in the cyber threat landscape. This malware, known for exploiting outdated and vulnerable Internet of Things (IoT) devices, was responsible for 74% of all IoT attacks in 2021. The Mozi botnet, infamous for hijacking hundreds of thous
Votes: 5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Exploit
Source Document References
Information about the Mozi Botnet Malware was read from the documents corpus below. This display is limited to 20 results.
Source, Created
InfoSecurity-magazine, 2 months ago
Fortinet, 2 years ago
CERT-EU, 2 years ago
CERT-EU, a year ago
CERT-EU, a year ago
DARKReading, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
InfoSecurity-magazine, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
DARKReading, a year ago
CERT-EU, a year ago
Securityaffairs, a year ago
CERT-EU, a year ago
ESET, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
ESET, a year ago