After growing quietly for some time, a new IoT botnet is now slowly making its presence felt. According to security researchers, the Hakai IoT botnet targets routers from D-Link, Huawei and Realtek, and the network is steadily growing in size.

Hakai (the Japanese word for destruction) was first discovered in June by security researchers at NewSky Security. The first version of the botnet used Qbot, an IoT malware that first appeared on the Internet a few years ago. That first version was said to be neither very sophisticated nor very active. But according to researcher Ankit Anubhav, this has changed recently and activity has increased considerably.

Rapid spread

At first, the person behind the botnet seemed to be looking for publicity. "He asked me to write about it," says Anubhav. "He even placed a picture of me on the homepage of the command and control server on hakaiboatnet[.]pw." However, Hakai did not remain inactive for long: attacks have been under way since 21 July.

It is striking that Hakai started with attacks on Huawei routers, using a well-known exploit. It was then extended to D-Link routers that support the HNAP protocol and then to Realtek routers and IoT devices that use an older version of the Realtek SDK.

At the same time, Hakai relies on a highly effective Telnet scanner. These scans do not require knowledge of exploits. Hakai simply takes over devices whose users have not changed the default passwords, or who use simple passwords such as root, admin or 1234.

Out of the public eye

At the moment, Hakai is still mainly active in Latin America. The fear is that the botnet will soon spread more widely, especially now that the code seems to have leaked and has fallen into the hands of several other hackers. Anubhav states that two Hakai variants, called Kenjiro and Izuku, have also found their way to the internet.

Although Hakai continues to grow steadily and expand its activity, its creator seems to have disappeared from the public eye. That seems to have something to do with the recent arrest of Nexus Zeta, the person behind the IoT botnet Satori. Like the person behind Hakai, Nexus Zeta was very active online and actively approached researchers and journalists. This meant that Nexus Zeta was easy to catch.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.