Outlaw Threat Group Using Perl Shellbot to Target Enterprise IoT Devices
The Trend Micro Cyber Safety Solutions Team observed a Perl Shellbot exploiting CVE-2017-1000117 to distribute an Internet Relay Chat (IRC) bot. This vulnerability enables attackers to pass a crafted “ssh://…” URL to unsuspecting victims and execute programs on their devices. According to Trend Micro, this threat can affect enterprise IoT devices, Linux servers, Windows-based environments and Android devices.
Outlaw communicates with the botnet using two compromised servers that belong to a Japanese art institution and a Bangladeshi government website. The threat group linked these two servers to a high-availability cluster to host an IRC bouncer and leveraged this asset for command-and-control (C&C) to target large businesses in more than a dozen countries, including the U.S., Germany, Israel and Japan. Read more…