Date: 2023-03-20

Cybersecurity researchers from Akamai have published a whitepaper regarding a new botnet named HinataBot.

Akamai cybersecurity researchers have published a whitepaper regarding a new botnet, named HinataBot. The new botnet targets Realtek SDK devices, Huawei HG532 routers, and exposed Hadoop YARN servers, and it is capable of launching 3.3 Tbps DDoS attacks.

First appearance in January

The Go-based botnet, HinataBot, seems to be named after the character Hinata Hyūga in the Naruto manga series. It uses a very simple file naming structure: Hinata-<OS>-<Architecture>. HinataBot has been detected exploiting the miniigd SOAP service on Realtek SDK devices (CVE-2014-8361), Huawei HG532 routers (CVE-2017-17215), and a Hadoop YARN server vulnerability.
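The naming structure above can be hunted for in web proxy logs. The sketch below is an added example, not code from Akamai's whitepaper: the five-field log format, the sample lines and the GOOS/GOARCH lists are assumptions (the lists are a subset of Go's build targets, chosen because the bot is written in Go).

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: <OS> and <Architecture> follow Go's GOOS/GOARCH names.
# Subset of real Go targets; not a list taken from the whitepaper.
GOOS = {"linux", "windows", "darwin", "freebsd", "openbsd", "netbsd"}
GOARCH = {"386", "amd64", "arm", "arm64", "mips", "mipsle", "mips64",
          "mips64le", "ppc64", "ppc64le", "riscv64", "s390x"}

# Shape of the name as the article gives it: Hinata-<OS>-<Architecture>
NAME_RE = re.compile(r"^hinata-([a-z0-9]+)-([a-z0-9]+)$", re.IGNORECASE)

# Constructed sample: "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_LOG = """\
2023-03-20T10:00:01Z 10.0.0.12 GET http://198.51.100.7/Hinata-linux-mips 200
2023-03-20T10:00:03Z 10.0.0.12 GET http://198.51.100.7/hinata-linux-arm?x=1 200
2023-03-20T10:02:10Z 10.0.0.40 GET http://example.org/wiki/Hinata-fan-art 200
2023-03-20T10:05:44Z 10.0.0.55 GET http://example.org/dl/tool-linux-amd64 200
truncated line
"""

def classify(name):
    """Return 'match' for Hinata-<GOOS>-<GOARCH>, 'loose' when only the
    shape fits (likely unrelated content), None otherwise."""
    m = NAME_RE.match(name)
    if not m:
        return None
    os_name, arch = m.group(1).lower(), m.group(2).lower()
    return "match" if os_name in GOOS and arch in GOARCH else "loose"

def hunt(log_text):
    """Group suspicious download names by the client that requested them."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:          # skip malformed or truncated lines
            continue
        _, client, _, url, _ = parts
        # Last path segment only; urlsplit drops the query string.
        name = urlsplit(url).path.rsplit("/", 1)[-1]
        verdict = classify(name)
        if verdict:
            hits[client].append((name, verdict))
    return dict(hits)

if __name__ == "__main__":
    for client, found in hunt(SAMPLE_LOG).items():
        print(client, found)
```

A "match" from an internal router or server address is worth triage; a "loose" hit is usually unrelated content that merely shares the character's name.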

According to the report, the botnet first appeared in mid-January this year and is constantly being developed and improved. The botnet itself is based on Mirai. After a successful infection, HinataBot stays stealthy and waits for commands from the C2 server.

The current version of HinataBot supports HTTP and UDP attacks and creates 512 processes to carry them out. Those processes generate and send hard-coded data packets for a specific duration. The HTTP packets range between 484 and 589 bytes; the UDP packets are far bigger, at 65,549 bytes.

UDP flood, up to 3.3 Tbps

Akamai’s benchmark during the research shows that HTTP attacks can generate 20,430 HTTP requests (3.4 MB) and 6,733 packets (421 MB) in just ten seconds. The company estimates that with 10,000 nodes, a UDP flood could reach a volume of 3.3 Tbps.

« The HinataBot family relies on old vulnerabilities and brute-forcing weak passwords for distribution. This is yet another example of why strong password and patching policies are more critical than ever. Attackers are always looking for low-hanging fruit with a high return on investment, so making it more difficult for attacks to be successful helps significantly in keeping your environment and the internet safe. This is likely just the beginning for HinataBot. »

For full details, you can check the whitepaper on Akamai’s website.