The EnemyBot expands its attack scope by exploiting new flaws

June 3, 2022

The EnemyBot botnet has added new critical vulnerabilities to its campaigns to expand its attack coverage. Researchers noted that the botnet operators have exploited weaknesses in different systems such as web servers, Android devices, and IoT devices. The botnet also targets flawed content management systems.

According to reports, the latest EnemyBot variants add 24 critical vulnerabilities and other enhancements. The botnet's exploits cover more than twelve processor architectures, such as OpenBSD, macOS, MIPS, x86, ARM, and PowerPC.

In addition, the researchers claimed that the botnet has strong ties to LolFMe, another notorious botnet. Both botnets have identical structures, strings, and code patterns.

EnemyBot has exploited numerous flaws since upgrading its tools.

Analysis of the botnet revealed that its new variant has exploited several flaws, such as CVE-2022-22954, CVE-2022-1388, and CVE-2022-22947.

The first vulnerability is a remote code execution (RCE) flaw in VMware Workspace One Access and Identity Manager. The second is also an RCE vulnerability, this time in F5 BIG-IP, that can result in device control. The third flaw can also be considered a remote code execution flaw, but security researchers managed to patch the flaw last March.

EnemyBot has also paid attention to other flaws, such as exploits related to routers and IoT devices. These are CVE-2022-25075 for TOTOLINK, CVE-2022-27226 for iRZ, and the notorious Log4Shell critical vulnerability.

Analysts first spotted the botnet’s recent activity about a month ago, when they encountered several samples that emerged from a previous attack. Furthermore, it is operated by a malicious group called Keksec, which appears to be constantly expanding its network.

The activities of these malicious threat actors have been on the rise recently. They are cleverly adding new exploits and vulnerabilities to their attacks before emerging, to increase the chances of a successful attack.

Cybersecurity experts suggest that users always ensure that their devices, including IoT devices, are up to date and completely secured with the latest patches.
