It has been revealed that a hacker spent 8 years downloading anime videos by silently turning D-Link NVR and NAS devices into a botnet. The botnet, which was first detected in 2012, was rendered dysfunctional in the winter of 2019.
Cyber security researchers shared details of a very unusual hacking operation with the public today. According to researchers from Forcepoint, a hacker turned D-Link NVR (network video recorder) and NAS (network-attached storage) devices into a botnet for about 8 years. The only purpose of this silent operation was to connect to online websites and download anime videos. The botnet, called Cereals and first seen in 2012, had collected more than 10,000 bots by 2015, when it reached its peak.
Despite its size, the botnet managed to operate without getting caught on the radar of cyber security firms. Cereals began to disappear slowly because the D-Link devices it relied on were deficient and were retired as obsolete by their owners. In addition, the Cereals malware was wiped out by an attack from ransomware called Cr1ptT0r against D-Link devices in the winter of 2019. The story of Cereals was made public once the botnet, and the unprotected devices that played the leading role in its 8-year adventure, had disappeared.
It used only one vulnerability:
Cereals’ way of operating was unique, the researchers say, because the botnet exploited only one vulnerability in its 8-year lifetime. The vulnerability was in the SMS notification feature of the D-Link firmware running on the company's line of NAS and NVR devices. The flaw allowed the owner of Cereals to send a maliciously crafted HTTP request to the server of the vulnerable device, thereby running commands with root privileges.
According to Forcepoint’s statement, the hacker scanned the Internet to find D-Link systems with this vulnerability and used it to install the Cereals software on NAS and NVR devices. Despite relying on a single vulnerability, however, Cereals appears to have been a highly developed system. The botnet had 4 separate backdoor mechanisms for accessing infected devices, and it patched the devices' systems and managed its bots through 12 small subnets to prevent other attackers from taking over the system.
Forcepoint researchers emphasize that Cereals was a ‘hobby project’ despite all its advanced features. The botnet did not attempt to operate beyond D-Link NAS and NVR systems and was not used for any activity other than downloading anime videos. It did not carry out DDoS attacks, nor was it used to obtain user data on the devices it managed. The German hacker, whose name is said to be Stefan, is therefore thought not to have created the botnet for the purpose of committing any crime.