The Reveal Platform
Intel Name: Shadowv2 casts a shadow over iot devices
Date of Scan: November 27, 2025
Impact: High
Summary: At the end of October, during a global AWS connectivity disruption, Labs detected malware known as “ShadowV2” exploiting IoT vulnerabilities to spread. The incidents impacted multiple countries and affected seven different industries. To date, the malware has only been observed operating during the major AWS outage window. We assess that this activity was likely a trial run in preparation for future attacks. Detected active exploitation attempts associated with a Mirai-based botnet referred to as ShadowV2. It exploited vulnerabilities in the following vendors’ products from the host 198[.]199[.]72[.]27:
