GoBruteforcer Botnet Targets 50K-plus Linux Servers
Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations.
Stay informed on botnet trends, attacks, and defenses. Get the latest updates and expert insights on botnet threats in information security.
Search across headline titles and summaries.
Background for this topic.
A botnet is a network of compromised internet-connected devices controlled remotely by an attacker through malware. These devices, known as bots, receive commands from centralized or decentralized command-and-control (C2) servers to perform coordinated actions such as launching Distributed Denial of Service (DDoS) attacks, sending spam, or distributing additional malware. Botnets vary in size and complexity, often leveraging vulnerabilities in devices or weak authentication to propagate.
In information security, botnets pose significant risks including large-scale service disruptions from DDoS attacks and the unauthorized use of infected devices for malicious activities. Detecting botnet activity involves monitoring network traffic for unusual patterns and identifying communication with known C2 infrastructure. Effective defense includes timely patching of vulnerable systems, blocking C2 domains or IPs based on threat intelligence, and isolating infected hosts to prevent further spread or damage. Coordinated efforts to disrupt botnet infrastructure can reduce their operational impact.
Weekly headline count for the current query.
Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations.
Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises.
A threat actor is leveraging a flaw in the Ray framework to hijack AI infrastructure worldwide and distribute a self-propagating cryptomining and data theft botnet.
RondoDox takes a hit-and-run, shotgun approach to exploiting bugs in consumer edge devices around the world.
The for-hire platform leverages legitimate cloud-native tools to make detection and disruption harder for defenders and SOC analysts.
A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data
The two campaigns are good examples of the ever-shrinking time-to-exploit timelines that botnet operators have adopted for newly published CVEs.
Though the operation was partially disrupted earlier this year, the botnet remains active and continues to target connected Android devices.
Thousands of ASUS routers have been infected and are believed to be part of a wide-ranging ORB network affecting devices from Linksys, D-Link, QNAP, and Araknis Network.
While the botnet may not be completely automated, it uses certain tactics when targeting devices that indicate that it may, at the very least, be semiautomated.
A multiyear investigation by a public-private partnership has resulted in the seizure of the botnet's US-based infrastructure and indictments for its key players, significantly disrupting a vast cybercriminal enterprise.
The cybercriminals infected older wireless Internet routers with Anyproxy and 5socks malware in order to reconfigure them — all without the users' knowledge.
In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it's being used once more for another botnet campaign with its own malware.
The threat actors are exploiting non-interactive sign-ins, an authentication feature that security teams don't typically monitor.
Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.
Two separate campaigns are targeting flaws in various IoT devices globally, with the goal of compromising them and propagating malware worldwide.
Over the past year, "Matrix" has used publicly available malware tools and exploit scripts to target weakly secured IoT devices — and enterprise servers.
An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cyber-espionage actors and others to use.
Chinese-speaking adversaries are using a fresh Android banking Trojan to take over devices and initiate fraudulent money transfers from financial institutions across Latin America, Italy, Portugal, and Spain.
The Russian-language malware primarily enlists computers to mine Monero, but theoretically it can do worse.