12000 Italian hosts used by the Aethra Botnet

The Aethra botnet was discovered by the security company Voidsec – they published a full report about the Aethra botnet, but what really triggered me and surprised me was the fact that the compromised devices (12000 hosts) were breached by using credentials which should not be allowed in the first place.

The report states that the Aethra botnet was capable of infecting/controlling these devices as the credentials which were used were:

  • user name: [BLANK]
  • password: [BLANK]Aethra-device-04Aethra-device-03

The devices use the IP addresses of Fastweb, Albacom (BT-Italia), CloudItalia, Qcom, WIND and BSI Assurance UK.Aethra-device-02

The researchers from VoidSec explained that the dashboard of the Aethra devices are vulnerable to CSRF and XSS, which allows the attackers to push commands to the device.Aethra-device-01