April 25, 2017

300,000 obeying devices: Hajime is conquering the Internet of Things world

Kaspersky Lab research shows massive IoT device peer-to-peer botnet with an unknown end goal

Woburn, MA – April 25, 2017 - Kaspersky Lab has published the results of its investigation into the activity of Hajime, an Internet of Things (IoT) malware that is building an enormous peer-to-peer botnet. Although the end goal remains unknown, the botnet has been propagating extensively, currently including almost 300,000 malware-compromised devices that can be used at the malware author’s disposal, without the victim’s knowledge.

Hajime, meaning ‘beginning’ in Japanese, showed first signs of activity in October 2016. As an advanced and stealthy family, it uses different techniques – mainly brute-force attacks on device passwords – to infect devices, and then takes a number of steps to conceal itself from the compromised victim.

Since its inception, Hajime has been developing new propagation techniques. There is no attacking code or capability within the malware, only a propagation module. As it takes over IoT devices, it makes them part of its peer-to-peer botnet, which is a decentralized group of compromised machines discreetly performing spam or DDoS attacks.

According to Kaspersky Lab researchers, Hajime does not exclusively attack a specific type of device, but rather any device on the internet. Nevertheless, malware authors are focusing their activities on certain devices, including Digital Video Recorders, web cameras and routers. However, Hajime avoids several networks, including those of General Electric, Hewlett-Packard, the US Postal Service, the United States Department of Defense, and a number of private networks.

Infections had primarily come from Vietnam (over 20%), Taiwan (almost 13%) and Brazil (around 9%) at the time of research. Most of the compromised devices are located in Iran, Vietnam and Brazil. Throughout the research period, Kaspersky Lab revealed at least 297,499 unique devices sharing the Hajime configuration.

“The most intriguing thing about Hajime is its purpose,” said Konstantin Zykov, senior security researcher, Kaspersky Lab. “While the botnet is getting bigger and bigger, its objective remains unknown. We have not seen its traces in any type of attack or additional malicious activity. Nevertheless, we advise owners of IoT devices to change the password of their devices to one that’s difficult to brute force, and to update their firmware if possible.”

To learn more about Hajime botnet, read the blog post available at Securelist.com.

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.

Learn more at www.kaspersky.com.

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam

Follow @Securelist on Twitter

Threatpost | The First Stop for Security News

Follow @Threatpost on Twitter

Media Contact

Sarah Kitsos