Malware & Threats

Juniper Warns of Mirai Botnet Targeting Session Smart Routers

Juniper Networks says a Mirai botnet is ensnaring session smart router devices that are using default passwords.

Juniper Networks says a Mirai botnet is ensnaring session smart router devices that are using default passwords.

Juniper Networks routers using default passwords have been targeted in a botnet infection campaign, the networking products manufacturer warns.

According to the company, multiple customers reported a week ago suspicious behavior on their session smart routers (SSR), which was determined to be an infection with Mirai malware.

All the impacted systems were using default credentials, were ensnared in a botnet, and were used to launch distributed denial-of-service (DDoS) attacks against other systems.

“Any customer not following recommended best practices and still using default passwords can be considered compromised as the default SSR passwords have been added to the virus database,” Juniper notes in an advisory.

The malware scans the internet for devices that are using default usernames and passwords, attempts to gain access to them, and then allows threat actors to execute various commands remotely to perform malicious activities, including launching DDoS attacks.

Juniper advises organizations to monitor for unusual port scanning activity (such as connection attempts to TCP port 23), failed SSH login attempts indicating brute-force attacks, spikes in outbound traffic volume to unknown external IPs, unexpected device reboots and erratic behavior, and connections from known malicious IP addresses.

Advertisement. Scroll to continue reading.

“If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device,” Juniper notes.

Organizations are advised to change the default credentials on all routers and implement strong, unique passwords for each device, regularly review access logs to identify suspicious activity, use firewalls to block unauthorized access, monitor network behavior, and ensure that their devices are kept always updated.

“By staying vigilant and implementing these best practices, organizations can reduce their risk of falling victim to Mirai and similar malware,” Juniper says.

Related: Citrix Warns of Password Spraying Attacks Targeting NetScaler Appliances

Related: Password Report: Honeypot Data Shows Bot Attack Trends Against RDP, SSH

Related: Microsoft Disrupts Infrastructure Used by Russia’s Hackers in Ukraine Attacks

Related: Dozens of Dormant North American Networks Suspiciously Resurrected at Once

Related Content

Malware & Threats

Law enforcement and private partners took down 106 SocGholish C&C servers and domains as part of Operation Endgame.

Cybercrime

Dutch authorities seized command-and-control servers tied to a botnet of infected computers, smartphones, and tablets that was allegedly used to power a residential proxy...

Malware & Threats

Security firms took down all four command-and-control (C&C) channels used by the GlassWorm malware.

Cybercrime

Jacob Butler, 23, has been arrested in Canada and US authorities are seeking his extradition on computer hacking charges.

Malware & Threats

The exploitation of the command injection vulnerability started one year after public disclosure and PoC exploit code publication.

Malware & Threats

Focused on persistence, the botnet does not engage in widespread infection and avoids blacklisted IPs and critical infrastructure entities.

Cybercrime

Ilya Angelov was a member of the cybercrime group tracked as TA-551, Shathak, Gold Cabin, Monster Libra, and ATK236.

Cybercrime

The lesser-known JackSkid and Mossad botnets have also been targeted in the operation.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version