The Gayfemboy botnet has been exploiting a vulnerability in Four-Faith industrial routers since November 2024 to launch DDoS attacks. This botnet variant, built on the Mirai codebase, has integrated N-day and 0-day exploits and has been attacking with over 15,000 daily active nodes. The attacks have targeted various global entities, including the U.S. and China, and have resulted in blackholed traffic and disabled services because of the overwhelming network resources the DDoS consumes. The botnet targets several vulnerabilities across different devices and has disrupted not only Four-Faith routers but also other devices such as Neterbit routers and Vimar smart home devices. The impact of this attack falls predominantly on network resources, causing significant disruption.
Source: https://securityaffairs.com/172805/malware/gayfemboy-mirai-botnet-four-faith-flaw.html
TPRM report: https://scoringcyber.rankiteo.com/company/xiamen-four-faith-communication-technology-co-ltd
{
  "id": "xia000011425",
  "linkid": "xiamen-four-faith-communication-technology-co-ltd",
  "type": "Vulnerability",
  "date": "1/2025",
  "severity": "100",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'industry': 'Technology',
'location': 'Global',
'name': 'Four-Faith',
'type': 'Industrial Router Manufacturer'},
{'industry': 'Technology',
'location': 'Global',
'name': 'Neterbit',
'type': 'Router Manufacturer'},
{'industry': 'Technology',
'location': 'Global',
'name': 'Vimar',
'type': 'Smart Home Device Manufacturer'}],
'attack_vector': 'Exploiting vulnerabilities in industrial routers and smart '
'home devices',
'date_detected': 'November 2024',
'impact': {'operational_impact': 'Blackholing traffic and disabling services',
'systems_affected': ['Four-Faith industrial routers',
'Neterbit routers',
'Vimar smart home devices']},
'initial_access_broker': {'entry_point': 'Vulnerabilities in industrial '
'routers and smart home devices'},
'threat_actor': 'Gayfemboy Botnet',
'title': 'Gayfemboy Botnet Exploiting Four-Faith Industrial Routers',
'type': 'DDoS Attack',
'vulnerability_exploited': ['Four-Faith industrial routers',
'Neterbit routers',
'Vimar smart home devices']}