Security News

Hacking group '8220' grows cloud botnet to more than 30,000 hosts
2022-07-19 22:52

A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts. The group is a low-skilled, financially-motivated actor that infects AWS, Azure, GCP, Aliyun, and QCloud hosts after targeting publicly available systems running vulnerable versions of Docker, Redis, Confluence, and Apache.

Botnet malware disguises itself as password cracker for industrial controllers
2022-07-18 19:12

All you have to do is purchase the tool, run it on a Windows PC connected to the industrial controller via serial cable, click a button, and the password for the equipment is revealed. Under the hood, the software exploits a vulnerability - tracked as CVE-2022-2003 - in the device's Automation Direct firmware to retrieve the password in plain-text on command.

Mantis Botnet Behind the Largest HTTPS DDoS Attack Targeting Cloudflare Customers
2022-07-15 05:16

The botnet behind the largest HTTPS distributed denial-of-service attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed it to more than 3,000 HTTP DDoS attacks against its users.

Mantis botnet behind the record-breaking DDoS attack in June
2022-07-14 15:53

The record-breaking distributed denial-of-service attack that Cloudflare mitigated last month originated from a new botnet called Mantis, which is currently described as "the most powerful botnet to date." The previous record was held by the Mēris botnet, which launched an attack that spiked at 21.8 million requests per second.

Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices
2022-06-17 23:11

The U.S. Department of Justice on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K. The botnet, operated by a sophisticated cybercrime organization, is believed to have ensnared millions of internet-connected devices, including Internet of Things devices, Android phones, and computers for use as a proxy service. "The RSOCKS botnet offered its clients access to IP addresses assigned to devices that had been hacked," the DoJ said in a press release.

International operation takes down Russian RSOCKS botnet
2022-06-17 19:38

A Russian-operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe. The RSOCKS botnet functioned as an IP proxy service, but instead of offering legitimate IP addresses leased from internet service providers, it was providing criminals with access to the IP addresses of devices that had been compromised by malware, according to a statement from the US Attorney's Office in the Southern District of California.

Russian RSocks botnet disrupted after hacking millions of devices
2022-06-17 14:17

The U.S. Department of Justice has announced the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT devices worldwide for use as proxy servers. A botnet is a swarm of devices that threat actors can remotely control to perform various behaviors, including DDoS attacks, crypto mining, and deploying additional malware.

Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers
2022-06-15 20:12

A new Golang-based peer-to-peer botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "harvests SSH keys to perform lateral movement."

New botnet and cryptominer Panchan attacking Linux servers
2022-06-15 13:00

Akamai Security Research announced on Wednesday it has uncovered a new botnet attacking the Linux servers of telecom and education providers in Asia, Europe and the Americas.

New peer-to-peer botnet infects Linux servers with cryptominers
2022-06-15 13:00

A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency. At the same time, it has powerful detection avoidance capabilities, such as using memory-mapped miners and dynamically detecting process monitoring to stop the mining module immediately.