Unmasking Botnet Attacks: How Wazuh Server Vulnerabilities Facilitate Mirai Infiltrations


exists in the central Wazuh server.

Two Different Variants of Mirai Botnets Observed

Security experts at Akamai observed two distinct botnets carrying out the Mirai-based attacks.

While both functioned based on similar principles, they were unique in their composition and methods of operation.

Notably, the infamous Mirai malware that these botnets leverage was initially known for its relentless distributed denial-of-service (DDoS) attacks that left large parts of the internet inaccessible in 2021.

The Vicious Exploitation of the Wazuh Server Vulnerability

Hackers are exploiting a previously unaddressed, now patched vulnerability in Wazuh, an open-source security detection, visibility, and compliance management solution.

CVE-2025-24016 is an unsafe deserialization bug in the code the central Wazuh server uses to process serialized data.

It can allow unauthenticated remote attackers to execute arbitrary code, leading to the compromise of the server.

The threat actors are exploiting this vulnerability to drop and execute two distinct Mirai variant payloads, with the ultimate goal of conducting DDoS attacks.
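The article names the bug class (unsafe deserialization of serialized data) but not its mechanics. The following is an added, constructed illustration of that class in Python, not Wazuh's code and not the actual CVE-2025-24016 defect: it contrasts a JSON deserializer that rebuilds any class named in the input with one that only rebuilds an explicit allowlist of types and checks their fields. The class names, the `__class__` tag and the record shapes are assumptions made for this example.

```python
import json
from dataclasses import dataclass

# Two constructed record types that a hypothetical API might legitimately
# exchange as tagged JSON. Names and fields are assumptions for this example.
@dataclass
class AgentInfo:
    agent_id: str
    name: str

@dataclass
class AlertSummary:
    rule_id: int
    count: int

# A type that merely happens to be in scope and was never meant to be reachable
# from untrusted input. Its constructor records that it ran so the effect of the
# unsafe hook can be observed without doing anything harmful.
INSTANTIATED = []

class NotForUntrustedInput:
    def __init__(self, note):
        INSTANTIATED.append(note)

TAG = "__class__"  # assumed tag marking a dict that should become an object

def unsafe_hook(obj):
    """Vulnerable pattern: look the class up by the name the input supplies and
    call it with input-controlled keyword arguments. Every class visible in this
    module's globals is reachable, not just the two record types."""
    if TAG in obj:
        cls = globals()[obj.pop(TAG)]
        return cls(**obj)
    return obj

# Hardened pattern: an explicit allowlist of rebuildable types.
SAFE_TYPES = {"AgentInfo": AgentInfo, "AlertSummary": AlertSummary}

def safe_hook(obj):
    """Only allowlisted types are rebuilt, and only with exactly the fields the
    dataclass declares; anything else is rejected instead of being resolved."""
    if TAG not in obj:
        return obj
    name = obj.pop(TAG)
    cls = SAFE_TYPES.get(name)
    if cls is None:
        raise ValueError(f"refusing to deserialize unknown type {name!r}")
    if set(obj) != set(cls.__dataclass_fields__):
        raise ValueError(f"unexpected fields for {name}: {sorted(obj)}")
    return cls(**obj)

def deserialize_unsafe(text):
    return json.loads(text, object_hook=unsafe_hook)

def deserialize_safe(text):
    return json.loads(text, object_hook=safe_hook)

def demo():
    """Run both deserializers over a legitimate record and a constructed
    record that names a class outside the allowlist."""
    legit = json.dumps({TAG: "AgentInfo", "agent_id": "001", "name": "web-01"})
    hostile = json.dumps({TAG: "NotForUntrustedInput", "note": "constructed-input"})
    results = {"safe_legit": deserialize_safe(legit)}
    # The unsafe hook happily instantiates whatever class the input names.
    results["unsafe_hostile"] = type(deserialize_unsafe(hostile)).__name__
    try:
        deserialize_safe(hostile)
        results["safe_hostile"] = "accepted"
    except ValueError:
        results["safe_hostile"] = "rejected"
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The defensive point is the shape of `safe_hook`: the set of constructible types is fixed in code, the field set is checked before the constructor runs, and unknown names fail closed. Name-based lookup against a module namespace, as in `unsafe_hook`, is the pattern to look for when reviewing any deserializer that accepts a type tag from the network.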

Threat Mitigation Advice

Cybersecurity professionals can follow several strategies to counter this threat.

Organizations using Wazuh are strongly advised to update their systems if they have not done so.

The vulnerability has already been patched by the Wazuh team, and running the latest software version eliminates the risk of exploitation.

Regular system patches and updates remain the most effective way to defend against known vulnerabilities.

Additionally, organizations are encouraged to adopt a layered security approach that includes network segmentation, threat intelligence, and the use of intrusion detection systems (IDS).

By doing so, they can reduce their attack surface and improve their ability to identify and respond to breaches before substantial damage occurs.

Ongoing Watch

Cybersecurity companies should remain vigilant, as threat actors continuously refine their tactics to evade detection.

Keeping up with advisories from organizations like Akamai helps organizations stay abreast of current threats.
