Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials

January 17, 2024 at 06:39AM CISA and FBI warn of AndroxGh0st malware creating a botnet for victim identification and exploitation. Capable of infiltrating servers with known security flaws, it targets credentials for platforms like AWS and Microsoft Office 365. Features enable SMTP abuse and persistent access to compromised systems. Related tools include FBot and spike …

FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials

January 16, 2024 at 12:41PM CISA and the FBI warn about Androxgh0st malware, which is being used to create a botnet targeting cloud credential theft. The botnet exploits vulnerabilities in frameworks and servers. Additionally, it steals sensitive information, deploys malicious tools, and conducts spam campaigns. The agencies advise on mitigation measures to limit the impact …

NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining

January 10, 2024 at 11:39AM The new Mirai-based botnet NoaBot has been used by threat actors in a crypto mining campaign since 2023. It includes a wormable self-spreader and an SSH key backdoor, and has been linked to a Rust-based malware called P2PInfect. NoaBot’s unique features make it difficult to detect, and it has targeted 849 …

Bangladesh Election App Crashes Amid Suspected Cyberattack

January 9, 2024 at 10:56AM Ukraine and Germany are accused of launching a cyberattack to disrupt a Bangladesh national election app. The app, used to provide election updates and candidate data, is impacted by slow performance. Although the exact nature of the attack is not specified, it’s suspected to be caused by botnets from Ukraine …

Fresh Qakbot Sightings Confirm Recent Takedown Was a Temporary Setback

December 19, 2023 at 06:22PM Qakbot malware has resurfaced, distributed through phishing emails targeting hospitality organizations. Microsoft, Zscaler, and Proofpoint reported sightings of a new 64-bit version using AES encryption. Despite a takedown in August, Qakbot’s operators continue distributing other malware. Lumu observed 1,581 attempted attacks in September, indicating the group’s resilience. The group’s continued …

Qakbot’s backbot: FBI-led takedown keeps crims at bay for just 3 months

December 19, 2023 at 04:33AM Qakbot malware has resurged with a new phishing campaign targeting the hospitality sector. The gang uses malicious PDF attachments disguised as IRS documents to distribute the malware. Despite earlier efforts to take it down, Qakbot has reappeared, demonstrating the challenge of combating cybercrime. Similar to Emotet’s revival, Qakbot’s resurgence poses …

New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

December 15, 2023 at 09:54AM A new botnet named KV-botnet, compromising firewalls and routers from various manufacturers, is used for covert data transfer by advanced persistent threat actors, particularly the China-linked threat actor Volt Typhoon. The botnet’s two clusters target high-profile victims and utilize IP addresses based in China. The operators also focus on removing …

Stealthy KV-botnet hijacks SOHO routers and VPN devices

December 13, 2023 at 05:50PM The Chinese state-sponsored hacking group Volt Typhoon, also known as Bronze Silhouette, has been linked to the sophisticated botnet ‘KV-botnet’ since 2022. The group targets SOHO routers, firewalls, and VPN devices, aiming to disrupt critical communications infrastructure. The botnet’s activities indicate a focus on espionage and information gathering, with recent …

MySQL servers targeted by ‘Ddostf’ DDoS-as-a-Service botnet

November 16, 2023 at 03:16PM Researchers at AhnLab Security Emergency Response Center (ASEC) have discovered a new campaign targeting MySQL servers with the ‘Ddostf’ malware botnet. The attackers exploit vulnerabilities or weak credentials to gain access to the servers and use user-defined functions (UDFs) to execute commands. The primary payload is the Ddostf bot client, …

U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty

November 15, 2023 at 10:48AM The U.S. government has taken down the IPStorm botnet proxy network, as the developer behind it, Sergei Makinin, pleaded guilty. The botnet infected Windows, Mac, Linux, and Android devices globally. Makinin could face up to 30 years in prison and has made at least $550,000 from the scheme. The botnet …