New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

Forum|Forum|7 days ago
November 28, 2025
0 replies
5 views

+54

Jasper_The_Rasper
Moderator

November 28, 2025 By Pierluigi Paganini

ShadowV2, a new Mirai-based botnet, briefly targeted vulnerable IoT devices during October’s AWS outage, likely as a test run.

During the late-October AWS disruption, FortiGuard Labs researchers observed the Mirai-based ‘ShadowV2’ malware exploiting IoT vulnerabilities across multiple countries and industries. The botnet was active only during the outage, suggesting a test run for future attacks. ShadowV2 targets IoT devices using flaws in products from DDWRT (CVE-2009-2765), D-Link (CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915), DigiEver (CVE-2023-52163), TBK (CVE-2024-3721), TP-Link (CVE-2024-53375).

The bot targeted devices in multiple countries worldwide, including:

Oceania: Australia
America: Canada, United States, Mexico, Brazil, Bolivia, Chile
Europe: United Kingdom, Netherlands, Belgium, France, Czechia, Austria, Italy, Croatia, Greece
Africa: Morocco, Egypt, South Africa
Asia: Turkey, Saudi Arabia, Russia, Kazakhstan, China, Thailand, Japan, Taiwan, Philippines

Fortinet reported victims in multiple industries, including technology, retail and hospitality, manufacturing, managed security services providers, government, telecommunication and carrier services, and education.

>>Full Article<<

ShadowV2, a new Mirai-based botnet, briefly targeted vulnerable IoT devices during October’s AWS outage, likely as a test run.

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded