September 18, 2024 at 01:09PM Lumen Technologies researchers have identified a large-scale botnet, Raptor Train, controlled by a Chinese state-sponsored espionage group known as Flax Typhoon. The botnet targets US and Taiwanese organizations in critical sectors using IoT devices and has a robust command and control infrastructure. The botnet has been used for extensive scanning … Read more
September 18, 2024 at 12:05PM The FBI and cybersecurity researchers have disrupted the massive Chinese botnet “Raptor Train,” which targeted critical infrastructure in the US and other countries, including entities in the military, government, education, and IT sectors. The botnet, employing multi-tier architecture, infected over 260,000 networking devices, primarily routers, modems, NVRs, DVRs, IP cameras, … Read more
May 30, 2024 at 02:57PM The ‘Pumpkin Eclipse’ botnet attack in October 2023 targeted a specific ISP in the Midwest, resulting in the destruction of 600,000 SOHO routers, disrupting internet access for customers. The attackers used a destructive botnet named Chalubo and its unique aspects suggest a deliberate, unattributed cyber attack. The incident caused significant … Read more
May 1, 2024 at 11:21AM Lumen’s Black Lotus Labs have discovered a new malware platform named Cuttlefish, capable of harvesting public cloud authentication data from enterprise and SOHO routers. The platform, similar to HiatusRat, is believed to be linked to a Chinese hacking group targeting US and European organizations. Cuttlefish is specifically designed to capture … Read more
March 26, 2024 at 02:42PM Lumen Technologies’ Black Lotus Labs discovered a 40,000-strong botnet comprised of end-of-life routers and IoT devices, used by a cybercriminal group to power the Faceless proxy service. The botnet, in operation since 2014, has grown to 40,000 bots from 88 countries. Researchers urge network defenders to watch for attacks on … Read more
March 26, 2024 at 11:05AM A new variant of “TheMoon” malware botnet has infected thousands of outdated SOHO routers and IoT devices in 88 countries. Linked to the “Faceless” proxy service, it’s utilized by cybercriminals to anonymize their activities. Black Lotus Labs observed it targeting over 6,000 ASUS routers in less than 72 hours. Common … Read more
December 15, 2023 at 09:54AM A new botnet named KV-botnet, compromising firewalls and routers from various manufacturers, is used for covert data transfer by advanced persistent threat actors, particularly the China-linked threat actor Volt Typhoon. The botnet’s two clusters target high-profile victims and utilize IP addresses based in China. The operators also focus on removing … Read more