Mirai and Gafgyt blocked IoT threat activity
Malware Activity
Summary
Mirai and Gafgyt dominated blocked IoT threat traffic, concentrating defender detections on two long-running malware families across June 2024 to May 2025. 40% of blocked IoT requests were tied to Mirai, and 35% to Gafgyt. The volume shows sustained targeting of connected devices rather than isolated bursts. Manufacturing and transportation were the most frequently targeted verticals, adding operational risk for environments that depend on always-on device connectivity.
Related Happenings
AI-driven attack surge against customer-facing mobile apps in 2026
Target Trend
First: 19.05.2026 15:00
Last: 19.05.2026 15:00
Sources 1
About this happening:
**Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...
China-nexus threat-Flax Typhoon-Volt Typhoon alliance reshapes ransomware ecosystem operations
Threat Actor Meta
First: 23.04.2026 23:52
Last: 23.04.2026 23:52
Sources 1
About this happening:
**China-nexus** threat actors are industrializing covert botnet infrastructure, expanding **deniable reconnaissance**, **malware delivery**, and **data exfiltration** against **US...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector Action
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
Keenadu Android backdoor embedded in firmware and app delivery paths
Malware Activity
First: 17.02.2026 16:05
Last: 17.02.2026 16:05
Sources 1
About this happening:
The **Keenadu** Android backdoor was found embedded in **firmware from multiple device brands**, putting infected devices and their installed apps at risk of full compromise. The...
2025 DDoS surge targets telecommunications, service providers, and carriers
Target Trend
First: 05.02.2026 19:25
Last: 05.02.2026 19:25
Sources 1
About this happening:
**Cloudflare** reports that the **2025 DDoS surge** has continued into **Q3 2025**, with the **Aisuru botnet** driving more than **1,300 attacks** in three months and a record pea...
Timeline
- 05.11.2025 11:30 · 2 articles · 6mo ago
Initial report: Mirai and Gafgyt blocked IoT threat activity
Initial Disclosure: **Mirai** and **Gafgyt** were the dominant families in blocked **IoT threat** requests over **June 2024 to May 2025**. The split shows sustained malware pressure on connected devices and a need for stronger traffic filtering.
Sources
- Hundreds of Malware-Laden Apps Downloaded 42 Million Times From Google Play — www.infosecurity-magazine.com — 05.11.2025 11:30