| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Water Barghest is a cybercriminal group that has compromised over 20,000 IoT devices by October 2024, monetizing them through a residential proxy marketplace. They automate the entire process from identifying vulnerable devices using n-day and zero-day exploits to deploying Ngioweb malware and selling the compromised assets. Their operations include leveraging Ubiquiti EdgeRouter devices for espionage and utilizing automated scripts to exploit vulnerabilities within minutes of discovery. Water Barghest has maintained a low profile for years, but their activities gained attention due to the deployment of a zero-day vulnerability against Cisco IOS XE devices in October 2023.
| 2024-11-19
⋅
Lumen
⋅
One Sock Fits All: The Use And Abuse Of The NSOCKS Botnet Ngioweb Ngioweb |
| 2024-11-18
⋅
Trend Micro
⋅
Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices Ngioweb Water Barghest |
| 2024-11-18
⋅
Trend Micro
⋅
Inside Water Barghests Rapid Exploit-to-Market Strategy for IoT Devices Ngioweb |
| 2024-11-18
⋅
Trend Micro
⋅
Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices Ngioweb |
| 2024-11-01
⋅
LevelBlue
⋅
Ngioweb Remains Active 7 Years Later Ngioweb |
| 2024-05-01
⋅
Trend Micro
⋅
Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks Ngioweb SSHDoor |
| 2020-11-13
⋅
Netlab
⋅
Quick update on the Linux.Ngioweb botnet, now it is going after IoT devices Ngioweb |
| 2020-11-05
⋅
Intezer
⋅
Tweet on Ngioweb botnet Ngioweb |
| 2019-06-21
⋅
Network Security Research Lab @ Qihoo 360
⋅
An Analysis of Linux.Ngioweb Botnet Ngioweb |