More than 10,000 IoT devices around the world are infected with malware 80% are from China = South Korean intelligence agency

NIS logo (provided by the agency) = (Yonhap News) ≪Reproduction and diversion prohibited≫

[Seoul Yonhap News] According to the National Intelligence Service of South Korea on the 19th, about 11,700 Internet of Things (IoT) equipment (equipment and equipment) in 72 countries and regions around the world are using the Mozi botnet. announced that it was confirmed to be infected with a malicious program called ". The Moji botnet attacks and infects equipment that uses insecure passwords or is not using the latest software, and uses this equipment for distributed denial of service attacks (DDoS attacks). Use it as a stepping stone. In December last year, the National Intelligence Service (NIS) obtained information from the Russian authorities that there had been an attempt to hack via a South Korean IP address. Confirmed to be infected with botnet. In addition, according to surveys targeting national and public institutions, there are approximately 11,700 domestic and overseas wired and wireless routers, surveillance cameras, video recording devices (DVR), and computer-integrated advertising monitors (approximately 100 in Japan). ) were newly confirmed to be infected with the same malware. Some of the infected IoT equipment was used as a waypoint for the distribution of malicious programs for crypto asset (virtual currency) mining. The NIS explained that it had taken emergency measures in the sense of prevention, as there was a risk that the scale of damage would further expand if private companies and individuals were investigated. In order to prevent damage in Japan, at the beginning of this month, we communicated information to public institutions and private companies through the cyber threat information sharing system (NCTI / KCTI), and together with related organizations, we will take measures such as blocking transit points and removing malicious programs. Is going. In addition, we shared information with the United States, Japan, and some member countries of the European Union (EU) where the IP addresses of infected equipment were confirmed, and the relevant authorities in China, which accounted for 83% of the infected equipment, were not affected. We provided materials for preventing expansion and identifying attackers. An official from the National Intelligence Service said, "The main targets of this attack are equipment that has not changed the password set at the time of purchase or uses a password that can be easily guessed by a third party. "When using IoT equipment, please pay attention to basic security such as changing passwords."

Copyright 2022YONHAP NEWS.