mrhacker.co
2606:4700:3037::6815:15a2
URL: https://mrhacker.co/data-security/mirai-botnet-exploiting-azure-omigod-vulnerabilities?feed_id=25192&_unique_id=614b...
Submission: On September 23 via api from GB — Scanned from DE
MRHACKER
Data Security

MIRAI BOTNET EXPLOITING AZURE OMIGOD VULNERABILITIES

By root. Posted on September 22, 2021

THE INFAMOUS MIRAI BOTNET LETS THREAT ACTORS USE COMPROMISED DEVICES TO CARRY OUT LARGE-SCALE AND CRIPPLING DDOS ATTACKS.

Critical Microsoft Azure vulnerabilities reported and patched earlier this week are being actively exploited by threat actors and cybercriminals. Dubbed the OMIGOD flaws, the vulnerabilities were originally discovered by the Wiz Research Team.

READ: Microsoft warns of Azure flaws exposing users to data theft

Meanwhile, security researcher Germán Fernández identified one of the botnets trying to exploit the reported vulnerabilities.
Fernández tweeted that attackers are searching for Azure Linux virtual machines, since these are vulnerable to a remote code execution flaw identified in Azure; the security firm Bad Packets confirmed the finding. The researcher also highlighted that a Mirai botnet operator is among the attackers scanning the web for vulnerable machines.

ThreatModeler's director of strategy, Stuart Winter-Tear, explained that it is important to close any open OMI ports to prevent exploitation. In a conversation with Cado Security, he said:

> "As this is now confirmed as being actively scanned and exploited in an automated fashion via botnets, and we know there is the potential for root privilege remote code execution, any open OMI ports must be closed as soon as possible, and Azure mitigation guidelines need to be implemented."

ABOUT THE VULNERABILITIES

The flaws were identified in the Open Management Infrastructure (OMI), a widely used software component embedded in many popular Azure services. They include a remote code execution vulnerability, CVE-2021-38647, and several privilege escalation flaws:

* CVE-2021-38645
* CVE-2021-38648
* CVE-2021-38649

WHAT ARE THE DANGERS?

An attacker can remotely exploit CVE-2021-38647 simply by sending a well-crafted request to a vulnerable device over a publicly accessible remote management port, such as 5986, 5985 or 1270. If the attack succeeds, the attacker gains root on the remote device. Azure installs the OMI agent automatically when a user sets up a Linux VM and enables other services, such as monitoring, and OMI runs with root privileges by default, so a successful exploit means full compromise of the system.
Security researcher Kevin Beaumont (GossiTheDog) tweeted that when the Mirai botnet exploits a vulnerable machine, the operators drop one of the Mirai DDoS botnet variants and then close the OMI HTTPS port (5986) to the internet so that other attackers cannot exploit the same box.

> "Mirai botnet is exploiting #OMIGOD—they drop a version of Mirai DDoS botnet and then close 5896 (OMI SSL port) from the internet to stop other people exploiting the same box," Beaumont's tweet read.

SEE: Whitehat hackers accessed primary keys of Azure's Cosmos DB customers

According to Beaumont, one of his test boxes was attacked and the attackers deployed a cryptominer on it.

> For anybody who hasn't caught the #OMIGOD patching thing.. Azure haven't patched it for customers.
>
> They silently rolled out an agent that allowed no-authentication remote code execution as root, and then the fix is buried in the random CVE – alter your system config. pic.twitter.com/BLjmhQFDg2
>
> — Kevin Beaumont (@GossiTheDog) September 16, 2021

Mirai has a destructive track record: in 2019, for example, it was reported that a British man had used a Mirai botnet to cripple internet services in the Republic of Liberia, a country on the West African coast.

Related Items: Azure, botnet, Microsoft, Mirai, OMIGOD
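The two practical points in the article are the exposure (OMI listening as root on 5985/5986/1270 on an unpatched VM) and the post-infection tell (a firewall rule that suddenly closes 5986). The script below is an added example, not code from the article, Microsoft or Wiz, that turns both into checks a practitioner can run on an Azure Linux VM. The `ss -lntp` and `iptables -S` outputs embedded in it are constructed samples so it runs offline; on a real host you would pipe in the live command output. It assumes that the fixed OMI release is 1.6.8-1 (the version Microsoft's advisory for CVE-2021-38647 names, shown by package managers as `1.6.8.1` or `1.6.8-1`) and that the Azure CLI `az network nsg rule create` syntax printed at the end is the way to implement the "close the OMI ports" mitigation; the resource group and NSG names in that command are placeholders.

```shell
#!/bin/sh
# Added example (not the article's code): audit an Azure Linux VM for the
# OMIGOD exposure described above and for the "close 5986 after infection"
# behaviour Beaumont reported.
#   1. OMI ports bound to a non-loopback address (reachable if the NSG allows it)
#   2. installed OMI package older than the patched release
#   3. an inbound DROP/REJECT rule on an OMI port that nobody on your team added
# Sample command outputs are constructed so the script runs offline.
# Assumption: fixed OMI version is 1.6.8-1 (dpkg shows it as 1.6.8.1).

OMI_PORTS="5985 5986 1270"
FIXED_OMI="1.6.8-1"

# Constructed `ss -lntp` sample: OMI HTTPS on all interfaces, HTTP on loopback only.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:5986        0.0.0.0:*         users:(("omiserver",pid=1337,fd=5))
LISTEN 0      128    127.0.0.1:5985      0.0.0.0:*         users:(("omiserver",pid=1337,fd=6))'

# Constructed `iptables -S` sample containing the kind of rule the article says Mirai adds.
SAMPLE_IPT='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5986 -j DROP'

# Reads `ss -lntp` output on stdin; prints each OMI port bound to a non-loopback address.
exposed_omi_ports() {
    awk -v ports="$OMI_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            k = split($4, a, ":"); port = a[k]
            if ((port in want) && $4 !~ /^127\./ && $4 !~ /^\[::1\]/) print port
        }'
}

# Turns "1.6.8-1" or "1.6.8.1" into one integer so versions compare numerically.
version_key() {
    set -- $(printf '%s' "$1" | tr '.-' '  ')
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 10000 + ${3:-0} * 100 + ${4:-0} ))
}

# Returns 0 (true) when the installed version $1 is older than FIXED_OMI.
# Get $1 from: dpkg-query -W -f '${Version}' omi   or   rpm -q --qf '%{VERSION}-%{RELEASE}' omi
omi_version_vulnerable() {
    [ "$(version_key "$1")" -lt "$(version_key "$FIXED_OMI")" ]
}

# Reads `iptables -S` on stdin; prints how many INPUT rules DROP or REJECT an OMI port.
# A non-zero count on a VM where you never added such a rule matches the post-infection
# step quoted above and deserves an incident-response look rather than a shrug.
omi_port_block_rules() {
    awk -v ports="$OMI_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "-A" && $2 == "INPUT" {
            port = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if ((port in want) && (target == "DROP" || target == "REJECT")) c++
        }
        END { print c + 0 }'
}

# Prints (does not run) an Azure CLI command that denies inbound traffic to the OMI
# ports on a network security group. $1 = resource group, $2 = NSG name (placeholders).
nsg_deny_omi_command() {
    printf 'az network nsg rule create --resource-group %s --nsg-name %s --name DenyOMIInbound --priority 100 --direction Inbound --access Deny --protocol Tcp --source-address-prefixes "*" --destination-port-ranges %s\n' "$1" "$2" "$OMI_PORTS"
}

# Report over the constructed samples; on a live VM replace them with the real commands.
report() {
    echo "OMI ports reachable beyond loopback:"
    printf '%s\n' "$SAMPLE_SS" | exposed_omi_ports
    ver="1.6.4-1"   # constructed; read the real value with the dpkg/rpm command above
    if omi_version_vulnerable "$ver"; then
        echo "OMI $ver is older than $FIXED_OMI: patch, or block the ports until you can"
    fi
    blocks=$(printf '%s\n' "$SAMPLE_IPT" | omi_port_block_rules)
    if [ "$blocks" -gt 0 ]; then
        echo "$blocks host firewall rule(s) block OMI ports; if you did not add them, treat the VM as compromised"
    fi
    echo "Suggested NSG rule (placeholders my-rg / my-vm-nsg):"
    nsg_deny_omi_command my-rg my-vm-nsg
}

report
```

The three checks are deliberately independent: a patched VM can still have an exposed port (so the NSG deny is worth applying anyway), and an unexpected DROP on 5986 is a compromise indicator even on a VM that has since been patched, because the patch does not remove what an earlier intruder left behind.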