Security researchers believe the author of the Satori botnet is at it again, this time attacking routers to craft a botnet dubbed “Masuta”. The early-January Satori botnet attacked a Huawei router zero-day. Masuta also hits routers. According to NewSky’s analysis, the attack comes in two flavours. There’s Masuta, which takes the standard IoT approach of tapping devices for default credentials (hidden by a single XOR by 0x22, inspired by Mirai); and there’s the more sophisticated “PureMasuta” which exploits an old network administration bug.
ORIGINAL SOURCE: The Register