Signals

Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real timeMonitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time

DRAGONS COMMUNITY

Your trusted source for cybersecurity, technology, and AI insights

Platform

News
AI
Vulnerabilities
CVE Database
Threat Intelligence
Ransomware
Resources

Product

Pricing
Enterprise
Dashboard
API
Advertise

Company

About
Careers
Contact
Newsletter

Legal

Privacy Policy
Terms of Service
Cookie Policy

Made with by Dragons Community for the cybersecurity community

support@dragons.community● All Systems Operational

SwarmBot IoT botnet expanding to industrial control devices — Dragons Community | Dragons Community

← Threat Intelligence

Malware ActivityTLP:GREENHighConfidence: Medium

SwarmBot IoT botnet expanding to industrial control devices

Published May 21, 2026 · open source

Summary

New SwarmBot variants are targeting industrial control system gateways with default credentials. Expansion beyond consumer IoT suggests evolving operator ambitions.

Safety Note

Fictional botnet expansion. No real ICS targets, default credential lists or exploitation code included.

Related Malware

SwarmBot

botnet · SwarmBot, SB-IoT

MITRE ATT&CK Techniques

T1078 — Valid Accounts

Persistence

Enforce MFA on all accounts. Monitor for impossible travel and unusual login patterns. Implement privileged access management. Review service account usage.

Related IOCs

Mozilla/5.0 (MockBot/2.0; SwarmAgent)

User Agent · Active

203.0.113.88

IP Address · Active