Juniper Networks issued an alert regarding a Mirai botnet attack on Session Smart Router (SSR) devices with default credentials. The attack, detected on December 11, 2024, compromised SSR products and facilitated DDoS attacks using the infected devices. The Mirai botnet exploited default passwords to enable remote command execution and initiate various forms of malicious activity, particularly DDoS attacks. Unusual port scans, frequent SSH login failures, traffic spikes, and erratic device behaviors were indicators of the infection. The incident called for reinforced security measures to mitigate further risks: updating default credentials, strengthening passwords, regularly monitoring access logs, deploying firewalls, and keeping firmware up to date.
Source: https://securityaffairs.com/172157/malware/juniper-networks-mirai-botnet.html
TPRM report: https://scoringcyber.rankiteo.com/company/juniper-networks
"id": "jun000122424",
"linkid": "juniper-networks",
"type": "Vulnerability",
"date": "12/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Networking',
                        'name': 'Juniper Networks',
                        'type': 'Organization'}],
 'attack_vector': 'Default Passwords',
 'date_detected': '2024-12-11',
 'description': 'Juniper Networks issued an alert regarding a Mirai botnet '
                'attack on Session Smart Router (SSR) devices with default '
                'credentials. The attack, detected on December 11, 2024, '
                'compromised SSR products and facilitated DDoS attacks using '
                'the infected devices. The Mirai botnet exploited default '
                'passwords to enable remote command execution and initiate '
                'various forms of malicious activity, particularly DDoS '
                'attacks. Unusual port scans, frequent SSH login failures, '
                'traffic spikes, and erratic device behaviors were indicators '
                'of the infection. The incident necessitated a reinforcement '
                'of security measures, such as updating default credentials, '
                'strengthening passwords, regular monitoring of access logs, '
                'deployment of firewalls, and up-to-date firmware to mitigate '
                'further risks.',
 'impact': {'systems_affected': ['SSR Devices']},
 'initial_access_broker': {'entry_point': 'Default Credentials'},
 'motivation': 'Malicious Activity, DDoS Attacks',
 'post_incident_analysis': {'corrective_actions': ['Updating Default '
                                                   'Credentials',
                                                   'Strengthening Passwords',
                                                   'Regular Monitoring of '
                                                   'Access Logs',
                                                   'Deployment of Firewalls',
                                                   'Up-to-date Firmware'],
                            'root_causes': 'Default Credentials'},
 'response': {'containment_measures': ['Updating Default Credentials',
                                       'Strengthening Passwords',
                                       'Regular Monitoring of Access Logs',
                                       'Deployment of Firewalls',
                                       'Up-to-date Firmware']},
 'threat_actor': 'Mirai Botnet',
 'title': 'Mirai Botnet Attack on Juniper Networks SSR Devices',
 'type': 'DDoS Attack',
 'vulnerability_exploited': 'Default Credentials'}