July 5, 2024 at 12:26AM
Cybersecurity researchers discovered a new botnet, Zergeca, capable of DDoS attacks. It supports six attack methods as well as proxying, scanning, self-upgrading, reverse shell, and more. Notably, it uses DNS-over-HTTPS for C2 communications and is under continuous development. Linked to previous botnet activity, it targeted Canada, Germany, and the U.S. with ACK flood DDoS attacks. Zergeca has distinct modules for its various functionalities.
To summarize, a new botnet named Zergeca has been identified by cybersecurity researchers. This botnet is notable for its capabilities, which include conducting DDoS attacks, proxying, scanning, self-upgrading, opening a reverse shell, and collecting sensitive device information. Zergeca also employs techniques such as DNS-over-HTTPS (DoH) and a lesser-known library called Smux for C2 communications.
Moreover, evidence indicates that the malware is being actively developed and that the C2 IP address associated with the botnet was previously used to distribute the Mirai botnet. Furthermore, attacks mounted by Zergeca have primarily targeted Canada, Germany, and the U.S., with a focus on ACK flood DDoS attacks.
Zergeca’s features are composed of four modules: persistence, proxy, silivaccine, and zombie, each with specific functionalities related to setting up persistence, proxying, gaining control over devices, and carrying out botnet operations. The XLab team emphasized that the botnet shows familiarity with common Linux threats and employs evasion tactics such as modified UPX packing, XOR encryption, and using DoH to hide C2 resolution.
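Because the report singles out DoH as the way Zergeca hides C2 name resolution, the practical defensive question is how to spot hosts that quietly start talking to public DoH resolvers. The following is an added example (not code from the XLab report or the Zergeca analysis): it runs over a few constructed flow-log lines in a hypothetical `timestamp src dst_host port proto bytes` format and flags non-allowlisted sources that open TLS connections to well-known public DoH endpoints. The resolver hostnames are real public services; the allowlist, log format, and sample addresses are constructed for the example.

```python
"""Flag internal hosts that reach public DNS-over-HTTPS resolvers over TLS.

Added example for DoH-based C2 resolution detection. The log format and
sample data below are constructed; the resolver hostnames are real public
DoH services but the list is illustrative, not exhaustive.
"""
from collections import defaultdict

# Well-known public DoH endpoints. Extend with the list your environment
# maintains (and with any resolver you find in a sample's configuration).
KNOWN_DOH_HOSTS = {
    "dns.google",
    "cloudflare-dns.com",
    "dns.quad9.net",
    "doh.opendns.com",
}

# Sources that are expected to use DoH (e.g. a managed browser fleet).
# Constructed for this example.
DOH_ALLOWLIST = {"10.0.5.20"}

# Constructed flow-log lines: timestamp src_ip dst_host dst_port proto bytes
SAMPLE_LOG = """\
2024-07-05T00:10:01Z 10.0.5.20 cloudflare-dns.com 443 tls 1820
2024-07-05T00:10:02Z 10.0.9.77 dns.google 443 tls 640
2024-07-05T00:10:03Z 10.0.9.77 dns.google 443 tls 655
2024-07-05T00:10:04Z 10.0.9.77 dns.google 443 tls 612
2024-07-05T00:10:05Z 10.0.3.14 example.com 443 tls 5200
2024-07-05T00:10:06Z 10.0.7.33 dns.quad9.net 443 tls 700
"""


def parse_line(line):
    """Parse one hypothetical flow-log line into a dict."""
    ts, src, dst, port, proto, nbytes = line.split()
    return {
        "ts": ts,
        "src": src,
        "dst": dst.lower(),
        "port": int(port),
        "proto": proto.lower(),
        "bytes": int(nbytes),
    }


def find_doh_egress(log_text, min_connections=1):
    """Return sorted (src, doh_host, count) tuples for suspicious DoH use.

    A connection is suspicious when it is TLS on port 443 to a known DoH
    host from a source that is not on the allowlist. min_connections lets
    an analyst suppress one-off hits and keep only repeated beaconing.
    """
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["port"] != 443 or rec["proto"] != "tls":
            continue
        if rec["dst"] not in KNOWN_DOH_HOSTS:
            continue
        if rec["src"] in DOH_ALLOWLIST:
            continue
        counts[rec["src"]][rec["dst"]] += 1

    alerts = []
    for src, dsts in counts.items():
        for dst, n in dsts.items():
            if n >= min_connections:
                alerts.append((src, dst, n))
    return sorted(alerts)


if __name__ == "__main__":
    for src, dst, n in find_doh_egress(SAMPLE_LOG):
        print(f"DoH egress: {src} -> {dst} ({n} connections)")
```

On the sample data the allowlisted desktop is ignored, the ordinary HTTPS connection to `example.com` is ignored, and the two remaining sources are reported; raising `min_connections` to 2 keeps only the host that repeatedly contacted `dns.google`. Hostname-based matching assumes the flow source records a server name (from TLS SNI or a proxy log); where only IPs are available, resolve the same list to addresses, and pair this check with a second signal, a plain UDP/53 lookup of a DoH resolver's hostname from a host that should never need one, since a client has to bootstrap the resolver's address somehow.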
This information indicates a significant cybersecurity threat posed by the Zergeca botnet, and it’s essential for organizations to be vigilant and take appropriate measures to protect against potential attacks.