Previous Hacker “Wicked” Returns With New Name

It is believed that the hacker known as Wicked, who was linked to the creation of the Owari and Sora botnets, has returned with a new botnet under a new name, Anarchy. The botnet, which has also been dubbed Anarchy, has infected approximately 18,000 devices in a 24-hour period. Anarchy’s infections began after a significant surge in scans on July 18th looking for devices vulnerable to CVE-2017-17215, a security flaw that affects the Huawei HG532, is exploited through port 37215, and allows remote code execution. According to Anarchy/Wicked, they wanted to create “the biggest, baddest botnet in town.” Anarchy/Wicked also claimed that they were working to exploit Realtek routers vulnerable to CVE-2014-8361, which allows remote code execution, to expand their botnet. Based on the growth rate of this most recent botnet, as well as the great success of the Owari and Sora botnets, if Anarchy/Wicked is truly working to exploit CVE-2014-8361, this could become a truly formidable botnet.