APT / THREAT GROUP
Mirai
4
aliases
Last seen:Mar 17, 2026
Intelligence Profile
Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Threat Analysis
Mirai is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning Mirai
FBI, Google Take Down NetNut Proxy Network Used by Cyber Threat Actors
Infosecurity Magazine· Jul 3, 2026
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
The Hacker News· May 6, 2026
New Mirai campaign exploits RCE flaw in EoL D-Link routers
BleepingComputer· Apr 22, 2026
Mirai Botnet Targets Flaw in Discontinued D-Link Routers
SecurityWeek· Apr 22, 2026
Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet
Infosecurity Magazine· Apr 20, 2026
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
The Hacker News· Apr 18, 2026
A Deep Dive Into Attempted Exploitation of CVE-2023-33538
Palo Alto Unit 42· Apr 16, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases4
Also Known As
Katanawin.miraiMiraielf.mirai
External Intelligence
Malpedia: win.miraiResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.