Threat actors are exploiting a zero-day vulnerability in Cambium Networks cnPilot routers to deploy a new variant of the AISURU botnet, called AIRASHI. This botnet has been operational since June 2024 and is capable of conducting distributed denial-of-service (DDoS) attacks, demonstrating attack capacities stable around 1-3 Tbps. The affected devices are primarily located in Brazil, Russia, Vietnam, and Indonesia, targeting regions like China and the U.S. Additional vulnerabilities have also been exploited. AIRASHI is an updated version of AISURU, which re-emerged with new features after briefly suspending activities in September 2024.
According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024.
AIRASHI is a variant of the AISURU botnet that was previously flagged by the cybersecurity company in August 2024.
Collection
[
|
...
]