Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

ShadowV2 botnet exploited AWS outage timeline to test global IoT attacks

The most alarming aspect of the ShadowV2 campaign is its reliance on "zombie" hardware—devices that have reached their End-of-Life (EoL) and will never be patched.

byEmre Çıtak
November 27, 2025
in Cybersecurity, News
Home News Cybersecurity
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

Cybersecurity researchers at Fortinet’s FortiGuard Labs have identified a new Mirai-based botnet, dubbed ‘ShadowV2,’ which appears to have utilized the confusion surrounding a major AWS outage in October to conduct a global operational test. While the botnet was not responsible for the cloud outage, its activity window perfectly aligned with the downtime, suggesting the operators seized the moment to assess their capabilities with reduced visibility. The malware specifically targets Internet of Things (IoT) devices from vendors including D-Link, TP-Link, DD-WRT, DigiEver, and TBK, leveraging at least eight known vulnerabilities to compromise network equipment.

The most alarming aspect of the ShadowV2 campaign is its reliance on “zombie” hardware—devices that have reached their End-of-Life (EoL) and will never be patched. Specifically, the botnet exploits CVE-2024-10914 and CVE-2024-10915, command injection flaws found in older D-Link devices. Following inquiries regarding these flaws, D-Link confirmed that no fixes would be issued for the impacted models as they are no longer under development, leaving users permanently vulnerable unless the hardware is physically replaced. The malware also exploits a beta-patched flaw in TP-Link devices (CVE-2024-53375) and a legacy vulnerability in DD-WRT dating back to 2009.

Technical analysis reveals that the attacks originated from the IP address 198[.]199[.]72[.]27, utilizing a downloader script to fetch the malicious payload from a secondary server. Identifying itself as “ShadowV2 Build v1.0.0 IoT version,” the malware employs XOR-encoded configurations to mask its filesystem paths and utilizes a codebase similar to the Mirai LZRD variant. Once a device is compromised, it becomes part of a botnet capable of launching distributed denial-of-service (DDoS) attacks across UDP, TCP, and HTTP protocols.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

The scope of this “test run” was extensive, impacting sectors including government, technology, manufacturing, telecommunications, and education across North and South America, Europe, Africa, Asia, and Australia. While the operators’ monetization strategy remains unclear, the sophisticated targeting of unpatchable legacy infrastructure indicates a strategy built on long-term persistence rather than quick, opportunistic strikes.


Featured image credit

Related Posts

Android Halo will place AI agent updates in status bar

Android Halo will place AI agent updates in status bar

July 2, 2026
WhatsApp usernames spark impersonation and fraud concerns

WhatsApp usernames spark impersonation and fraud concerns

July 2, 2026
Apple reportedly plans entry-level MacBook Pro redesign for 2027

Apple reportedly plans entry-level MacBook Pro redesign for 2027

July 2, 2026
X launches Live Studio with new creator payouts

X launches Live Studio with new creator payouts

July 2, 2026
Sony will end physical PlayStation game discs in 2028

Sony will end physical PlayStation game discs in 2028

July 2, 2026
Microsoft explores disc-to-digital support for Xbox games

Microsoft explores disc-to-digital support for Xbox games

July 2, 2026

LATEST NEWS

Android Halo will place AI agent updates in status bar

WhatsApp usernames spark impersonation and fraud concerns

Apple reportedly plans entry-level MacBook Pro redesign for 2027

X launches Live Studio with new creator payouts

Sony will end physical PlayStation game discs in 2028

Microsoft explores disc-to-digital support for Xbox games

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Copyleaks – Plagiarism detector

Clipping Magic

KoalaChat

SpeechText

Booknotes

Unscrambler

LingoLooper

Politepost

Evolup

Wondercraft

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.