January 18, 2024 at 05:21AM
Security researchers have traced a DDoS botnet infecting millions of smart TVs and set-top boxes to the Bigpanzi cybercrime syndicate. At its peak, 170,000 bots were running daily and were used for cybercrimes such as DDoS attacks and hijacking broadcasts. The researchers aim to combat Bigpanzi and seek collaboration from the cybersecurity community.
The discovery concerns a DDoS botnet that has infected potentially millions of smart TVs and set-top boxes. The botnet, dubbed Bigpanzi, has been operating for at least eight years and poses a significant threat because of its potential to broadcast violent, terroristic, or pornographic content, as well as its use in cybercrimes such as DDoS attacks and replacing legitimate channels’ content with attacker-controlled material.
The malware behind the botnet, called pandoraspear, has inherited DDoS commands from the notorious Mirai and has been under active development, continually evolving with more sophisticated attack vectors. Although the researchers have traced the botnet back to a single company, they have not disclosed its identity.
Bigpanzi’s activities have primarily been concentrated in Brazil, particularly in São Paulo, with the peak of the botnet’s operations involving around 170,000 bots. Upon discovering and taking control of some of the botnet’s command and control domains, the researchers faced aggressive responses from the criminals, including DDoS attacks and manipulation of infected devices’ host files.
The researchers expressed the need for collaborative efforts from the cybersecurity community to combat the Bigpanzi group effectively, as their current findings represent just a fraction of the overall scope of the threat.
Overall, the Bigpanzi botnet poses significant security risks, and efforts to trace and combat its operations are ongoing.