A so-called vigilante botnet has grown to 300,000 IoT Devices.
Dubbed Hajime, the botnet works the same way the Marai botnet works. It infects unsecured IoT devices with open Telnet ports with default passwords. Hajime uses the same list of username and password combinations that Marai does.
What’s very unique about Hajime is that the botnet doesn’t weaponized devices, it patches them. When Hajime infects a device it secures the device by blocking access to four ports known to be most widely used for infecting IoT devices. It also decentralized peer-to-peer network to issue updates to the device.
The infected devices are sent a cryptographically signed message every 10 minutes that says “just a white hat, securing some systems.”
It is not know who is behind the botnet.Return To Article