New Mirai Attack Attempts Detected in South American and North African Countries

Just a few days ago, the notorious Internet of Things (IoT) botnet known as Mirai (detected by Trend Micro as the ELF_MIRAI family) was found to be active in a new campaign targeting Argentina; red flags were raised after an increase in traffic on ports 2323 and 23. The campaign appears to have already spread to other parts of South America and to North Africa: we detected a spike of Mirai activity in a series of attack attempts in Colombia, Ecuador, Panama, Egypt, and Tunisia, as well as more activity in Argentina.

We were able to gather data from six countries regarding this newest wave. From November 29, 14:00 UTC to November 29, 20:00 UTC, 371,640 attack attempts were detected coming from roughly 9,000 unique IP addresses. Colombia emerged as the main target for the second wave of attack attempts, with Ecuador, Argentina, Egypt, and Tunisia showing similar patterns. The exception is Panama, which experienced attacks later and showed lower numbers than the other countries. The graph below compares the frequency of attacks for the first wave (Argentina) and the second wave (Colombia and Panama):

Source: TrendLabs