New Mirai Botnet Variants Observed: How to Identify a Mirai-Style DDoS Attack

The Mirai Internet of Things IoT botnet, notorious for targeting connected household devices like cameras, alarm systems, and personal routers, continues evolving and poses significant cybersecurity threats. It has a history of executing massive DDoS attacks, including a major incident that...

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service DDoS attack in April 2024 that reached a packet rate of 840 million packets per second Mpps. This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large...

New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks

Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service DDoS attacks. Written in Golang, the botnet is so named for its reference to a string named "ootheca" present in the command-and-control C2 servers "ootheca.pw" and...

Mirai-like Botnet Targets Zyxel NAS Devices in Europe for DDoS Attacks

Beware, Zyxel customers, and keep your devices up to date...

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware...

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "Wi...

P2Pinfect Botnet Now Targets Servers with Ransomware, Cryptominer

The P2Pinfect botnet, once dormant, is now attacking servers with ransomware and cryptomining malware. Patch your systems to avoid data encryption and financial loss...

NiceRAT Malware Targets South Korean Users via Cracked Software

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...

PT-2024-5054

Name of the Vulnerable Software and Affected Versions GeoVision devices affected versions not specified Description The issue exists due to the failure to properly filter user input for specific functionality, allowing unauthenticated remote attackers to inject and execute arbitrary system comman...

How we can separate botnets from the malware operations that rely on them

As I covered in last weeks newsletter, law enforcement agencies from around the globe have been touting recent botnet disruptions affecting the likes of some of the largest threat actors and malware families. Operation Endgame, which Europol touted as the "largest ever operation against botnets,"...

PT-2024-5045

Name of the Vulnerable Software and Affected Versions: ASUS router models affected versions not specified Description: The issue is related to an authentication bypass vulnerability in certain ASUS router models, allowing unauthenticated remote attackers to log in to the device. This vulnerabilit...

Muhstik Botnet Exploits Apache RocketMQ Flaw in Latest Operations

...

The Justice Department Took Down the 911 S5 Botnet

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide...

Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

Muhstik botnet exploits a critical Apache RocketMQ flaw CVE-2023-33246 for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining. Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary "pty3", and...

Mysterious Hack Destroyed 600,000 Internet Routers

Plus: A whistleblower claims the Biden administration falsified a report on Gaza, “Operation Endgame” disrupts the botnet ecosystem, and more...

How to tell if a VPN app added your Windows device to a botnet

On May 29, 2024, the US Department of Justice DOJ announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a...

RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability

The threat actors behind the RedTail cryptocurrency mining malware have added a recently disclosed security flaw impacting Palo Alto Networks firewalls to its exploit arsenal. The addition of the PAN-OS vulnerability to its toolkit has been complemented by updates to the malware, which now...

U.S. Dismantles World's Largest 911 S5 Botnet with 19 Million Infected Devices

The U.S. Department of Justice DoJ on Wednesday said it dismantled what it described as "likely the world's largest botnet ever," which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses. The botnet, which has a global...

‘Largest Botnet Ever’ Tied to Billions in Stolen Covid-19 Relief Funds

The US says a Chinese national operated the “911 S5” botnet, which included computers worldwide and was used to file hundreds of thousands of fraudulent Covid claims and distribute CSAM, among other crimes...

Is Your Computer Part of ‘The Largest Botnet Ever?’

The U.S. Department of Justice DOJ today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the worlds largest botnet ever." The arrest coincided with the seizure of the 911 S5 website and...