Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

June 11, 2024 at 10:51AM

Cybersecurity researchers have unveiled the activities of a Chinese threat actor called SecShow, targeting open DNS resolvers globally, potentially for malicious purposes. Meanwhile, a financially-motivated threat actor advertises a botnet service, Rebirth, targeting game servers for DDoS attacks. This reflects an increasing trend of cyber threats targeting gaming communities for financial gain.

Cybersecurity researchers have identified a Chinese threat actor codenamed SecShow conducting large-scale Domain Name System (DNS) probing activities. The actor operated from the China Education and Research Network (CERNET) and used CERNET nameservers to identify open DNS resolvers and calculate DNS responses, potentially for malicious purposes. Additionally, a financially motivated threat actor has been found advertising a new botnet service called Rebirth to facilitate Distributed Denial-of-Service (DDoS) attacks, primarily targeting the video gaming community.

Furthermore, it’s important to note that these activities have been previously disclosed, and the SecShow nameservers are no longer responsive as of mid-May 2024. Rebirth, based on the Mirai malware family, offers various price points for renting out the botnet to target game servers for financial gain and is also capable of launching DDoS attacks over TCP and UDP protocols.

The article concludes with the removal of old posts from the associated Telegram channel for Rebirth, along with the advertisement of a bulletproof hosting service.
