Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

May 9, 2024 at 07:49AM Two security flaws in Ivanti Connect Secure devices are being exploited by the Mirai botnet, according to Juniper Threat Labs. The vulnerabilities, CVE-2023-46805 (an authentication bypass) and CVE-2024-21887 (a command injection), can be chained to execute arbitrary commands and deploy malware on unpatched appliances. This comes as SonicWall reports a fake Windows File Explorer executable installing a cryptocurrency miner. …

Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals

May 3, 2024 at 09:10AM Trend Micro reports that APT28, a Russia-linked cyberespionage group, used a botnet of compromised Ubiquiti routers for espionage. The FBI disrupted the botnet in January 2024, but Trend Micro found that parts of it remain in use and published further details on its infrastructure. APT28 used the infected devices for a range of illicit activity, including proxying stolen credentials and cryptocurrency …

New “Goldoon” Botnet Targets D-Link Routers With Decade-Old Flaw

May 2, 2024 at 06:27AM A new botnet named Goldoon is exploiting a decade-old vulnerability in D-Link routers to gain remote code execution. Once on the device, a dropper script downloads and executes the Goldoon malware, which supports a range of attack methods including DDoS flooding. The development reflects the continuing evolution of botnets, which increasingly target routers for …

Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses

April 26, 2024 at 10:18AM Sekoia reports that more than 90,000 unique IP addresses are still infected with a self-spreading variant of PlugX attributed to a China-linked threat actor. The malware propagates through infected USB drives, creating a risk of data exfiltration and surveillance, especially in regions strategically important to China’s Belt and Road Initiative. Sekoia …

Moldovan charged for operating botnet used to push ransomware

April 17, 2024 at 03:00PM Alexander Lefterov, also known as Alipako, Uptime, and Alipatime, has been charged by the U.S. Justice Department with operating a large botnet that infected thousands of computers in the United States. The indictment alleges that he and his associates stole credentials, accessed victims' financial accounts, and provided access to the botnet …

RUBYCARP hackers linked to 10-year-old cryptomining botnet

April 9, 2024 at 11:37AM The RUBYCARP botnet, operated by a Romanian group, exploits known vulnerabilities and runs brute-force attacks to compromise corporate networks for financial gain. Managed through private IRC channels, the botnet comprises over 600 compromised servers and uses Perl-based payloads that have low detection rates. It has been active for over …

10-Year-Old ‘RUBYCARP’ Romanian Hacker Group Surfaces with Botnet

April 9, 2024 at 10:45AM RUBYCARP, a suspected Romanian threat group, has been running a botnet for over 10 years, using it for cryptomining, DDoS, and phishing. The group uses public exploits and brute-force attacks for initial access, communicates over IRC networks, and deploys a malware called ShellBot. Its activities include exploiting security flaws, creating a …

US Government Urges Cleanup of Routers Infected by Russia’s APT28

February 28, 2024 at 07:45AM The US government has urged organizations and consumers to clean up their Ubiquiti routers following the dismantling of a botnet used by the Russian cyberespionage group APT28. The group, also known as Fancy Bear, had been using the compromised routers for covert operations since 2022, targeting organizations worldwide. The …

Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

February 22, 2024 at 05:51AM SSH-Snake, an open-source network traversal tool, has been repurposed by threat actors for malicious activity. The self-replicating worm uses SSH private keys found on each compromised host to spread across the network, harvesting further credentials and IP addresses as it goes. It has been observed in real-world attacks, highlighting the need for comprehensive security measures. Additionally, a new botnet …
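The hop-by-hop spread described above leaves a recognisable trace in centralized sshd logs: one source opening key-based sessions to many distinct hosts within minutes, and each newly reached host then doing the same. The following is an added example, not code from the SSH-Snake project or from the article. It flags that fan-out pattern and then follows the chain of hops using a hostname-to-IP inventory. The log lines, hostnames, IP addresses and the inventory mapping are all constructed for the example; the line format is the one OpenSSH's sshd writes for successful logins, with a syslog hostname column as a central collector would add.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of a centralized sshd auth log (not from the article).
# 10.0.0.5 opens key-based sessions to four hosts in nine seconds, then
# host-b (10.0.0.12) does the same to host-f: the second hop of a worm.
SAMPLE_LOG = """\
Feb 22 05:50:01 host-a sshd[2201]: Accepted password for alice from 10.0.0.9 port 50112 ssh2
Feb 22 05:51:10 host-b sshd[3101]: Accepted publickey for root from 10.0.0.5 port 51234 ssh2: RSA SHA256:AAAA
Feb 22 05:51:12 host-c sshd[3102]: Accepted publickey for root from 10.0.0.5 port 51240 ssh2: RSA SHA256:AAAA
Feb 22 05:51:15 host-d sshd[3103]: Accepted publickey for deploy from 10.0.0.5 port 51251 ssh2: ED25519 SHA256:BBBB
Feb 22 05:51:19 host-e sshd[3104]: Accepted publickey for root from 10.0.0.5 port 51260 ssh2: RSA SHA256:AAAA
Feb 22 05:52:03 host-f sshd[3201]: Accepted publickey for root from 10.0.0.12 port 40021 ssh2: RSA SHA256:CCCC
Feb 22 09:14:55 host-a sshd[4401]: Accepted publickey for alice from 10.0.0.9 port 50900 ssh2: ED25519 SHA256:DDDD
"""

# Constructed hostname -> IP inventory (assumption: in practice this comes
# from an asset inventory or DHCP leases, not from the log itself).
HOST_IPS = {"host-b": "10.0.0.12", "host-c": "10.0.0.13", "host-d": "10.0.0.14",
            "host-e": "10.0.0.15", "host-f": "10.0.0.16"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+sshd\[\d+\]:\s+"
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port \d+")


def parse_events(lines):
    """Turn 'Accepted ...' sshd lines into dicts; other lines are ignored."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
        events.append({"time": ts, "host": m["host"], "method": m["method"],
                       "user": m["user"], "src": m["src"]})
    return events


def find_ssh_fanout(lines, window_seconds=300, min_targets=3, methods=("publickey",)):
    """Return {source_ip: [distinct hosts]} for sources that opened key-based
    sessions to at least min_targets distinct hosts inside one time window.
    Only key-based logins are counted because the worm spreads with keys."""
    by_src = defaultdict(list)
    for ev in parse_events(lines):
        if ev["method"] in methods:
            by_src[ev["src"]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        for i, start in enumerate(evs):
            targets = []
            for ev in evs[i:]:
                if (ev["time"] - start["time"]).total_seconds() > window_seconds:
                    break
                if ev["host"] not in targets:
                    targets.append(ev["host"])
            if len(targets) >= min_targets and len(targets) > len(alerts.get(src, [])):
                alerts[src] = targets
    return alerts


def propagation_chain(lines, host_ips, first_src, methods=("publickey",)):
    """Follow the worm hop by hop: every host reached from first_src becomes a
    new source (via its inventory IP) for logins that happen after it was
    reached. Returns {host: source_ip_it_was_reached_from}."""
    by_src = defaultdict(list)
    for ev in parse_events(lines):
        if ev["method"] in methods:
            by_src[ev["src"]].append(ev)
    reached = {}
    frontier = [(first_src, None)]  # (source IP, earliest time it could act)
    while frontier:
        src, not_before = frontier.pop(0)
        for ev in sorted(by_src.get(src, []), key=lambda e: e["time"]):
            if not_before is not None and ev["time"] < not_before:
                continue
            if ev["host"] in reached:
                continue
            reached[ev["host"]] = src
            next_ip = host_ips.get(ev["host"])
            if next_ip:
                frontier.append((next_ip, ev["time"]))
    return reached


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for src, hosts in find_ssh_fanout(lines).items():
        print(f"fan-out from {src}: {', '.join(hosts)}")
        for host, via in propagation_chain(lines, HOST_IPS, src).items():
            print(f"  {host} reached via {via}")
```

The window and threshold are tuning knobs: a deployment tool or a backup job can legitimately fan out from one host, so the second function matters more than the first, since an automated chain where each newly reached host immediately starts reaching others is the signature of self-replication rather than administration.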

U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage

February 16, 2024 at 02:03AM The U.S. government disrupted a botnet of SOHO routers that APT28 used for cyber-espionage against U.S. and foreign targets. The botnet, built on the MooBot malware, let the threat actors harvest credentials and conceal the origin of their traffic. The operation, known as Dying Ember, deleted stolen data from the routers and modified their firewall rules to block remote management access. …