Architecture, DDOS and Hacking - Cyber Security Informer

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

Enemybot is a DDoS botnet that targeted several routers and web servers by exploiting known vulnerabilities. Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. SecurityAffairs – hacking, Enemybot).

DDOS

DDOS Architecture Malware Cybercrime

Largest DDoS attack ever reported gets hoovered up by Cloudflare

Malwarebytes

AUGUST 20, 2021

On the Cloudflare blog , the American web infrastructure behemoth that provides content delivery network (CDN) and DDoS mitigation services reports that it detected and mitigated a 17.2 million request-per-second (rps) DDoS attack. The target of this enormous DDoS attack was a customer of Cloudflare in the financial sector.

DDOS

DDOS IoT Internet Internet

Chinese AI platform DeepSeek faced a “large-scale” cyberattack

Security Affairs

JANUARY 28, 2025

DeepSeek’s AI model is highly appreciated due to its exceptional performance, low costs, versatility across various industries, and innovative architecture that enhances learning and decision-making. The AI company did not share details about the attack or its origin, however likely the platform was targeted by a massive DDoS attack.

Artificial Intelligence

Artificial Intelligence DDOS Architecture Marketing

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Ukraine)

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Security Affairs

OCTOBER 11, 2023

A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to target routers from different vendors, including D-Link, Zyxel, and TP-Link. Upon executing the script, it deletes logs and downloads and executes various bot clients to target specific Linux architectures. ” reads the analysis published by Fortinet.

DDOS

DDOS Wireless Architecture IoT

New RapperBot Campaign targets game servers with DDoS attacks

Security Affairs

NOVEMBER 16, 2022

Fortinet researchers discovered new samples of RapperBot used to build a botnet to launch Distributed DDoS attacks against game servers. Fortinet FortiGuard Labs researchers have discovered new samples of the RapperBot malware that are being used to build a DDoS botnet to target game servers. SecurityAffairs – hacking, RapperBot).

DDOS

DDOS IoT Malware Architecture

Experts warn of a surge in activity associated FICORA and Kaiten botnets

Security Affairs

DECEMBER 27, 2024

It first terminates processes with the same file extension as “FICORA” and then downloads and executes the malware targeting multiple Linux architectures. The malware FICORA is a variant of the Mirai malware, it includes DDoS attack capabilities using multiple protocols such as UDP, TCP, and DNS.

Architecture

Architecture Malware DNS DDOS

Dark Frost Botnet targets the gaming sector with powerful DDoS

Security Affairs

MAY 26, 2023

Researchers spotted a new botnet dubbed Dark Frost that is used to launch distributed denial-of-service (DDoS) attacks against the gaming industry. Researchers from Akamai discovered a new botnet called Dark Frost that was employed in distributed denial-of-service (DDoS) attacks. Gbps through a UDP flood attack.

DDOS

DDOS Architecture Malware Hacking

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

Security Affairs

MAY 9, 2023

A DDoS botnet dubbed AndoryuBot has been observed exploiting an RCE, tracked as CVE-2023-25717, in Ruckus access points. The activity is associated with a known DDoS botnet tracked as AndoryuBot that first appeared in February 2023. The bot supports multiple DDoS attack techniques and uses SOCKS5 proxies for C2 communications.

DDOS

DDOS Wireless Architecture Advertising

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Security Affairs

NOVEMBER 14, 2022

The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks. KmsdBot supports multiple architectures, including as Winx86, Arm64, and mips64, x86_64, and does not stay persistent to avoid detection. SecurityAffairs – hacking, KmsdBot). ” reads the post published by Akamai.

DDOS

DDOS Malware Cryptocurrency Manufacturing

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. Mirai botnets are frequently used to conduct DDoS attacks.”

DDOS

DDOS Firmware VPN Firewall

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux. A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn.

Malware

Malware DDOS Architecture Financial Services

Discovery of Simps Botnet Leads To Ties to Keksec Group

Security Affairs

MAY 18, 2021

Uptycs’ threat research team discovered a new botnet, tracked as Simps botnet, attributed to Keksec group, which is focused on DDOS activities. Uptycs’ threat research team has discovered a new Botnet named ‘Simps’ attributed to Keksec group primarily focussed on DDOS activities. 200 in simps directory to tmp.

DDOS

DDOS Malware Architecture IoT

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The botnet was created to launch DDoS attacks and to insert advertisements in the legitimate HTTP traffic of the victims, most of which are in China (96%). The botnet leverages a robust architecture based on a combination of third-party services, P2P, and Command & Control servers. SecurityAffairs – hacking, Pink botnet).

Architecture

Architecture DDOS Advertising DNS

Experts warn of China-linked APT’s Raptor Train IoT Botnet

Security Affairs

SEPTEMBER 18, 2024

. “This service enables an entire suite of activities, including scalable exploitation of bots, vulnerability and exploit management, remote management of C2 infrastructure, file uploads and downloads, remote command execution, and the ability to tailor IoT-based distributed denial of service (DDoS) attacks at-scale.”

IoT

IoT Wireless DDOS Architecture

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

DECEMBER 15, 2023

The malicious code can target various architectures, it supports both flooder and backdoor capabilities. The primary target of NKAbuse is Linux desktops, however, it can target MISP and ARM architecture. NKN (New Kind of Network) is a decentralized peer-to-peer network protocol that relies on blockchain technology.

Malware

Malware Architecture Technology DDOS

New HEH botnet wipes devices potentially bricking them

Security Affairs

OCTOBER 7, 2020

Experts noticed that the malware supports multiple CPU architectures, including x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III) and PPC, it is written in the Go open-source programming language. SecurityAffairs – hacking, HEH botnet). ” concludes the post. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Architecture

Architecture IoT Malware Advertising

The activity of the Linux XorDdos bot increased by 254% over the last six months

Security Affairs

MAY 20, 2022

XORDDoS , also known as XOR.DDoS , first appeared in the threat landscape in 2014 it is a Linux Botnet that was employed in attacks against gaming and education websites with massive DDoS attacks that reached 150 gigabytes per second of malicious traffic. SecurityAffairs – hacking, domain name system). ” concludes the report.

DDOS

DDOS Architecture Education Hacking

How to Prevent DNS Attacks: DNS Security Best Practices

eSecurity Planet

DECEMBER 8, 2023

DNS Server Hardening DNS server hardening can be very complex and specific to the surrounding architecture. Design robust server architecture to improve redundancy and capacity for resilience against failure or DDoS attacks. Implement rate limiting to harden against DDoS and DNS tunneling attacks.

DNS

DNS DDOS Firewall Architecture

Finding Beauty In The Architecture

Threatpost

JULY 1, 2019

A good appreciation and respect for good real-world architecture goes a long way when it comes to architecting resilient systems.

Architecture

Architecture DDOS InfoSec Hacking

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. The botnet supports the following capabilities: DDoS attack Collecting Bot Information Execute the payload of the specified URL Update the sample from the specified URL Execute system or custom commands. Pierluigi Paganini.

IoT

IoT DDOS Architecture Passwords

API Security for the Modern Enterprise

IT Security Guru

SEPTEMBER 7, 2022

Microservices Architecture has Created a Security Blind Spot. When you have multiple services communicating with each other through APIs, then your entire system becomes exposed when any one service gets hacked. Tools like two-factor authentication, rate limiting, and DDoS protection can go a long way in securing APIs.

DDOS

DDOS Authentication Architecture Social Engineering

Dark Nexus, a new IoT botnet that targets a broad range of devices

Security Affairs

APRIL 8, 2020

Cybersecurity researchers discovered a new IoT botnet, tracked as Dark Nexux, that is used to launch distributed denial-of-service (DDoS) attacks. Dark Nexux is the name of a new emerging IoT botnet discovered by Bitdefender that is used to launch DDoS attacks. through 8.6). net:80), and then executes them.

IoT

IoT DDOS Advertising Architecture

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks. KmsdBot supports multiple architectures, including as Winx86, Arm64, and mips64, x86_64, and does not stay persistent to avoid detection. ” reads the report published by Akamai.

IoT

IoT DDOS Architecture Internet

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Dark web services: DDoS attacks, botnets, and zero-day IoT vulnerabilities Of all IoT-related services offered on the dark web, DDoS attacks are worth examining first.

IoT

IoT DDOS Passwords Malware

New ZHtrap botnet uses honeypot to find more victims

Security Affairs

MARCH 17, 2021

ZHtrap propagates using four vulnerabilities, experts pointed out that the botnet mainly used to conduct DDoS attacks and scanning activities, while integrating some backdoor features. ZHtrap supports multiple architectures, including x86, ARM, and MIPS. SecurityAffairs – hacking, ZHtrap). Pierluigi Paganini.

DDOS

DDOS Architecture Encryption Hacking

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Security Affairs

SEPTEMBER 8, 2024

The attack starts with a shell script that downloads binaries for various architectures (ARM, MIPS, X86), extracts a command-and-control (C2) server from an encrypted configuration, and connects to it. ” The flaw was also exploited to deliver Mirai Variant – JenX and the Condi DDoS bot.

Malware

Malware Telecommunications Encryption DDOS

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

com) with links to the bot was among the 48 domains associated with DDoS-for-hire services seized by the FBI in December. The most recent variant spotted by Microsoft spreads by exploiting vulnerabilities in Apache and Apache Spark ( CVE-2021-42013 and CVE-2022-33891 respectively) and also supports new DDoS attack capabilities.

IoT

IoT DDOS Malware Firmware

New Linux botnet RapperBot brute-forces SSH servers

Security Affairs

AUGUST 5, 2022

RapperBot has limited DDoS capabilities, it was designed to target ARM, MIPS, SPARC, and x86 architectures. SecurityAffairs – hacking, RapperBot). Experts also noticed that the most recent samples include the code to maintain persistence, which is rarely implemented in other Mirai variants. Pierluigi Paganini.

IoT

IoT Malware Passwords Authentication

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion.

Malware

Malware DDOS IoT Cybercrime

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

eSecurity Planet

JANUARY 30, 2024

Downtime limits incident response, increases the risk of data breaches, and can be used as leverage for DDoS attacks. Limited Control & Visibility Insufficient visibility into the cloud architecture causes delays in threat responses, increasing the risk of data breaches.

Risk

Risk DDOS Data breaches Encryption

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs

APRIL 25, 2023

.” The Mirai botnet is exploiting the issue to gain access to the device and downloads the malicious payload for the targeted architecture. The Mirai botnet that is behind the attacks observed by ZDI is focused on launching DDoS attacks, it has the capability to target Valve Source Engine (VSE). ” continues the report.

DDOS

DDOS Engineering Firmware Architecture

Chalubo, a new IoT botnet emerges in the threat landscape

Security Affairs

OCTOBER 23, 2018

Security experts from Sophos Labs have spotted a new piece of IoT malware tracked as Chalubo that is attempting to recruit devices into a botnet used to launch DDoS attacks. The IoT malware ran only on systems with an x86 architecture. ” reads the analysis from Sophos Labs.

IoT

IoT DDOS Malware Architecture

A new development shows a potential shift to using Mirai to target enterprises

Security Affairs

MARCH 18, 2019

A variant discovered last year was leveraging an open-source project to target multiple architectures, including ARM, MIPS, PowerPC, and x86. routers, network storage devices, NVRs, and IP cameras) and leverages various exploits to hack them. The new Mirai variant targets embedded devices (i.e.

IoT

IoT Wireless DDOS Advertising

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

APRIL 28, 2020

The Outlaw Hacking Group is back, malware researchers from Cybaze-Yoroi ZLab have uncovered a new botnet that is targeting European organizations. The Linux malware is the well-known “ Shellbot ”, it is a crimetool belonging to the arsenal of a threat actor tracked as the “Outlaw Hacking Group. ”. Introduction. Technical Analysis.

Architecture

Architecture Malware Hacking DDOS

Torii botnet, probably the most sophisticated IoT botnet of ever

Security Affairs

SEPTEMBER 29, 2018

According to experts from Avast, the Torii bot has been active since at least December 2017, it could targets a broad range of architectures, including ARM, MIPS, x86, x64, PowerPC, and SuperH. The Torii IoT botnet stands out for the largest sets of architectures it is able to target. ” reads the analysis published by Avast.

IoT

IoT Architecture Advertising DDOS

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Security Affairs

APRIL 1, 2019

The popular expert unixfreaxjp analyzed a new China ELF DDoS’er malware tracked as “Linux/DDoSMan” that evolves from the Elknot malware to deliver new ELF bot. The code seems inspired from multiple source code of China basis DDoS client, like Elknot. Figure 2: The C2 software for Linux DDoS.

DDOS

DDOS Malware Encryption Penetration Testing

Mirai code re-use in Gafgyt

Security Affairs

APRIL 16, 2021

HTTP flooding is a kind of DDoS attack in which the attacker sends a large number of HTTP requests to the targeted server to overwhelm it. UDP flooding is a type of DDoS attack in which an attacker sends several UDP packets to the victim server as a means of exhausting it. SecurityAffairs – hacking, Mirai). HTTP flooding module.

Malware

Malware DDOS IoT Firmware

New Go-based Redigo malware targets Redis servers

Security Affairs

DECEMBER 1, 2022

“The first use of the command is activated to receive information about the CPU architecture. AquaSec researchers believe that threat actors are using the Redigo malware to infect Redis and add them to a botnet used to launch denial-of-service (DDoS) attacks, run cryptocurrency miners, or steal data from the servers.

Malware

Malware DDOS Architecture Cryptocurrency

New England Biolabs leak sensitive data

Security Affairs

OCTOBER 24, 2023

Exposed endpoints could be leveraged to flood the system or application with traffic, disrupt or block the service for legitimate users, initiate DDoS attacks, disseminate spam, conduct phishing attacks, and other malicious actions.

Data breaches

Data breaches Social Engineering Phishing DDOS

Security Affairs newsletter Round 380

Security Affairs

AUGUST 20, 2022

SecurityAffairs – hacking, newsletter). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. The post Security Affairs newsletter Round 380 appeared first on Security Affairs.

DDOS

DDOS Architecture Malware Cybercrime

Mukashi, the new Mirai variant that targets Zyxel NAS

Security Affairs

MARCH 21, 2020

“Upon execution, the zi script downloads different architectures of Mirai bot, runs the downloaded binaries, and removes the binaries. The bot supports various commands, like Mirai, such as launching DDoS attacks. Like other Mirai variants, Mukashi is also capable of receiving C2 commands and launching DDoS attacks.”

DDOS

DDOS Authentication Advertising Firmware

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Adam Levin

APRIL 8, 2019

Changing the architecture of three separate applications at a fundamental level not only opens the door to human error and system glitches but also presents a golden opportunity for hackers, and that should be what we’re talking about–before anything bad happens. This article originally appeared on Inc.com.

Hacking

Hacking Data privacy Artificial Intelligence System Administration

Muhstik botnet adds Oracle WebLogic and Drupal exploits

Security Affairs

NOVEMBER 11, 2020

Botnet operators monetize their efforts via XMRig, cgmining and with DDoS-for-hire services. . The payload is named “pty” followed by a number used to map the architecture. SecurityAffairs – hacking, botnet). Researchers from Lacework have analyzed the attack chain implemented by the Muhstik bot. y/pty2 hxxp://167.99.39.134/.x/pty3.

IoT

IoT Malware DDOS Architecture

Enemybot, a new DDoS botnet appears in the threat landscape

Largest DDoS attack ever reported gets hoovered up by Cloudflare

Trending Sources

Chinese AI platform DeepSeek faced a “large-scale” cyberattack

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

New RapperBot Campaign targets game servers with DDoS attacks

Experts warn of a surge in activity associated FICORA and Kaiten botnets

Dark Frost Botnet targets the gaming sector with powerful DDoS

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Multiple DDoS botnets were observed targeting Zyxel devices

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Discovery of Simps Botnet Leads To Ties to Keksec Group

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Experts warn of China-linked APT’s Raptor Train IoT Botnet

New NKAbuse malware abuses NKN decentralized P2P network protocol

New HEH botnet wipes devices potentially bricking them

The activity of the Linux XorDdos bot increased by 254% over the last six months

How to Prevent DNS Attacks: DNS Security Best Practices

Finding Beauty In The Architecture

Mozi Botnet is responsible for most of the IoT Traffic

API Security for the Modern Enterprise

Dark Nexus, a new IoT botnet that targets a broad range of devices

Updated Kmsdx botnet targets IoT devices

Overview of IoT threats in 2023

New ZHtrap botnet uses honeypot to find more victims

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

A new Zerobot variant spreads by exploiting Apache flaws

New Linux botnet RapperBot brute-forces SSH servers

EnemyBot malware adds new exploits to target CMS servers and Android devices

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

A new Mirai botnet variant targets TP-Link Archer A21

Chalubo, a new IoT botnet emerges in the threat landscape

A new development shows a potential shift to using Mirai to target enterprises

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Torii botnet, probably the most sophisticated IoT botnet of ever

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Mirai code re-use in Gafgyt

New Go-based Redigo malware targets Redis servers

New England Biolabs leak sensitive data

Security Affairs newsletter Round 380

Mukashi, the new Mirai variant that targets Zyxel NAS

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Muhstik botnet adds Oracle WebLogic and Drupal exploits

Stay Connected