Custom malware Kaiji targets IoT devices via SSH brute forcing

Chinese origin botnet, Kaiji, built from scratch in the Golang language, can launch multiple DDoS attacks, SSH bruteforcer, SSH spreader.
Updated on
April 19, 2023
Published on
May 13, 2020
Subscribe to the latest industry news, threats and resources.
  • Intezer has discovered a new Chinese origin botnet that targets servers and IoT devices via SSH brute forcing.
  • Unlike common botnets that use implants from popular open source or dark web tools, Kaiji uses custom implants.
  • It has been built from scratch in the Golang programming language, which is uncommon in IoT botnets.
  • Though simple, Kaiji has the capabilities to launch:
    • Multiple DDoS attacks such as ipspoof and synack attacks
    • An SSH bruteforcer module to continue the spread
    • An SSH spreader which hijacks local SSH keys to infect hosts that the server has connected to previously.

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations