2020-00004-Mirai Botnet Infections

Report DIVD-2020-00004 - List of Mirai botnet victims published with credentials

25 January by Jeroen van de Weerd

Case Lead: Sander Spierenburg

On 20-01-2020, DIVD CSIRT received a list of IP addresses, usernames and passwords belonging to systems that may have been part of the Mirai botnet. It appeared that the systems were included in the botnet between 16-10-2019 and 29-11-2019.

Mirai is malware that is installed on IoT devices. All these infected devices together form the Mirai botnet. This botnet is often used for DDoS attacks. Despite the fact that the creators of Mirai have been caught, the botnet remains dangerous and has mutated into other dangerous botnets. For additional information visit ZDnet

On 07-02-2020, DIVD CSIRT reached out to the owners of these systems and informed them about the systems that appear in the list. DIVD CSIRT has not received any feedback from approached owners. Since no further inquiries were received, DIVD CSIRT decided to close the case.