May 28, 2024 at 03:08PM The U.S. Treasury Department sanctioned a cybercrime network involving Chinese nationals and Thai companies linked to the “911 S5” botnet, which compromised 19 million IP addresses. The botnet facilitated cybercrimes, including fraudulent applications and bomb threats. Sanctions were imposed on individuals and entities involved, prohibiting transactions with U.S. interests and … Read more
May 28, 2024 at 06:45AM CatDDoS botnet has exploited over 80 security flaws in the last three months to infect devices and launch DDoS attacks. It targets routers and networking equipment, mostly affecting devices from various vendors. The malware uses ChaCha20 encryption, employs an OpenNIC domain for C2, and shares encryption key/nonce pair with other … Read more
May 17, 2024 at 01:30PM Cloud security firm Aqua recently uncovered the evolving threat of Kinsing, a persistent cryptojacking group utilizing newly disclosed vulnerabilities to expand its botnet. The malware exploits various flaws to enroll systems in crypto-mining, targeting open-source applications and utilizing scripts and binaries to carry out attacks on Linux and Windows systems. … Read more
May 14, 2024 at 12:37PM Summary: Ebury, a malware botnet, has infected nearly 400,000 Linux servers since 2009, with around 100,000 still compromised in late 2023. ESET researchers have tracked the financially motivated operation for over a decade, observing updates in its capabilities. Recent tactics involve breaching hosting providers, stealing credentials, exploiting vulnerabilities, and employing … Read more
May 9, 2024 at 07:49AM Two security flaws in Ivanti Connect Secure devices are exploited by the Mirai botnet, as per Juniper Threat Labs. Vulnerabilities CVE-2023-46805 and CVE-2024-21887 allow attackers to execute arbitrary code and deploy malware on susceptible instances. This comes as SonicWall reports a fake Windows File Explorer executable installing a cryptocurrency miner. … Read more
May 3, 2024 at 09:10AM Trend Micro reports that the APT28 cyberespionage group, linked to Russia, used a botnet of Ubiquiti routers for espionage. The FBI dismantled the botnet in January 2024, but Trend Micro found remnants and expanded botnet details. APT28 used infected devices for various illicit activities, including proxying stolen credentials and cryptocurrency … Read more
May 2, 2024 at 06:27AM A new botnet named Goldoon exploits D-Link routers through a long-standing vulnerability, allowing for remote code execution. This botnet uses a dropper script to download and execute the Goldoon malware, enabling diverse attack methods, including DDoS flooding. This development reflects the persistent evolution of botnets, which increasingly target routers for … Read more
April 26, 2024 at 10:18AM Sekoia reports that over 90,000 unique IP addresses are still infected with a self-spreading PlugX worm variant, attributed to a China-linked threat actor. The malware spreads through infected USB drives, creating potential risks for data exfiltration and surveillance, especially in regions strategically important to China’s Belt and Road Initiative. Sekoia … Read more
April 17, 2024 at 03:00PM Alexander Lefterov, also known as Alipako, Uptime, and Alipatime, has been charged by the U.S. Justice Department for operating a significant botnet that infected thousands of computers in the United States. The indictment revealed that he and his associates stole credentials, accessed financial accounts, and provided access to the botnet … Read more
April 9, 2024 at 11:37AM The RUBYCARP botnet, operated by a Romanian group, is exploiting vulnerabilities and conducting brute force attacks to compromise corporate networks for financial gain. Managed through private IRC channels, the botnet runs over 600 compromised servers, using Perl-based payloads for attacks with low detection rates. It has been active for over … Read more