Botnet takes advantage of AWS outage to hit 28 countries

www.theregister.com/2025/11/2…

A Mirai-based botnet known as ShadowV2 surfaced during last October’s large-scale AWS outage, compromising IoT devices across multiple sectors and regions. Fortinet’s FortiGuard Labs suggests the activity may have been a “test run” for future, more disruptive campaigns.

Once the malware infiltrates vulnerable devices, it assembles them into a distributed network that can be remotely controlled to execute large-scale operations, including distributed denial-of-service (DDoS) attacks.

The botnet spread by exploiting several vulnerabilities affecting devices from multiple vendors, including:

• DD-WRT: CVE-2009-2765
• D-Link: CVE-2020-25506, CVE-2022-37055, CVE-2024-10914, CVE-2024-10915
• DigiEver: CVE-2023-52163
• TBK: CVE-2024-3721
• TP-Link: CVE-2024-53375

These details were outlined by Fortinet antivirus analyst Vincent Li in a Wednesday blog post.

Edward Kiledjian @ekiledjian