Specialists of the Computer Emergency Response Team KZ-CERT, while monitoring information security threats on the Kaznet network, identified the Hajime botnet (the name is Japanese for “beginning”), which has become active in Kazakhstan and is currently carrying out mass network scanning in search of vulnerable routers with open ports.
The first signs of the botnet's presence were discovered during analysis of Internet traffic in November 2018. The “Hajime” malicious software (hereinafter referred to as malware) uses a ready-made sequence of commands that scans a range of IP addresses and sends a request to open port 7547.
If the attack on a device succeeds, an 86,016-byte ELF file is installed in the background and establishes a connection with the command center. The vulnerability in the devices allows an attacker to execute arbitrary code, which can lead to information leakage and data loss.
Figure: How the “Hajime” botnet network is formed
KZ-CERT recommendations for eliminating these threats to information security:
1. Update your router's firmware to a stable version.
2. Change the password of the administrator account of the router.
3. Close open ports on the device that are not in use.
4. Check CPU utilization.
5. Update the malware detection database and scan the device.
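
To check whether the port 7547 scanning described above shows up in your own firewall logs, the following added example (not KZ-CERT's code) counts how many distinct hosts each source contacted on TCP 7547 and marks whether that source is inside your network, which would point to an already infected device. The iptables LOG-style line format, the sample lines, the `LOCAL_NETS` range and the threshold of three targets are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the iptables LOG style (not real traffic).
SAMPLE_LOG = """\
Nov 12 10:01:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=41234 DPT=7547 SYN
Nov 12 10:01:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.11 PROTO=TCP SPT=41235 DPT=7547 SYN
Nov 12 10:01:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.12 PROTO=TCP SPT=41236 DPT=7547 SYN
Nov 12 10:01:04 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.13 PROTO=TCP SPT=41237 DPT=443 SYN
Nov 12 10:02:10 gw kernel: IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP SPT=50000 DPT=7547 SYN
Nov 12 10:03:00 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.20 DST=198.51.100.7 PROTO=TCP SPT=33001 DPT=7547 SYN
Nov 12 10:03:00 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.20 DST=198.51.100.8 PROTO=TCP SPT=33002 DPT=7547 SYN
Nov 12 10:03:01 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.20 DST=198.51.100.9 PROTO=TCP SPT=33003 DPT=7547 SYN
Nov 12 10:04:00 gw kernel: IN=eth0 OUT= SRC=not-an-ip DST=192.0.2.10 PROTO=TCP SPT=1 DPT=7547 SYN
"""

LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: your own address range
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def find_7547_scanners(log_text, min_targets=3, port=7547):
    """Return {source_ip: {"targets": n, "origin": "internal"|"external"}} for
    sources that sent TCP packets to `port` on at least `min_targets` hosts."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line: skip instead of crashing
        targets[src].add(dst)
    report = {}
    for src, dsts in targets.items():
        if len(dsts) >= min_targets:
            internal = any(src in net for net in LOCAL_NETS)
            report[str(src)] = {"targets": len(dsts),
                                "origin": "internal" if internal else "external"}
    return report

if __name__ == "__main__":
    for ip, info in find_7547_scanners(SAMPLE_LOG).items():
        print(ip, info)
```

An `internal` result means a device on your own network is probing other hosts on port 7547 and should be the first one checked against the recommendations above.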