Security company Netlab 360 has published an interesting post on Fbot. Fbot is a Mirai-based botnet. It is extremely active and is actively targeting environments, looking for vulnerabilities to exploit.
In the post, Netlab explains that they suspect they have found roadside equipment systems that have been infected with the Fbot Mirai malware.
On February 20, 2021, the unknown threat detection system of 360 Network Security Research Institute detected an attacker using the remote command execution vulnerability (CVE-2020-9020) in the Vantage Velocity product of Iteris, Inc. of the United States to spread Fbot botnet samples.
According to Wikipedia, Iteris, Inc. provides software and consulting services for smart mobile infrastructure management, including software as a service, hosting and consulting services, and produces sensors and other equipment that record and predict traffic conditions.
Based on the use of the Vantage Velocity product, together with the AirLink GX450 Mobile Gateway product information found on the affected device, Netlab speculates that the affected device is a roadside equipment system.
Fbot uses a SYN port detection technique during propagation to improve propagation efficiency.
Read the complete report here: https://blog.netlab.360.com/fbot-is-now-riding-the-traffic-and-transportation-smart-devices/