FBI, Google Take Down NetNut Proxy Network Used by Cyber Threat Actors
The NetNut proxy network and the ‘Popa’ botnet are known to have infected devices with variants of Mirai DDoS botnets
Stay informed on botnet trends, attacks, and defenses. Get the latest updates and expert insights on botnet threats in information security.
Search across headline titles and summaries.
Background for this topic.
A botnet is a network of compromised internet-connected devices controlled remotely by an attacker through malware. These devices, known as bots, receive commands from centralized or decentralized command-and-control (C2) servers to perform coordinated actions such as launching Distributed Denial of Service (DDoS) attacks, sending spam, or distributing additional malware. Botnets vary in size and complexity, often leveraging vulnerabilities in devices or weak authentication to propagate.
In information security, botnets pose significant risks including large-scale service disruptions from DDoS attacks and the unauthorized use of infected devices for malicious activities. Detecting botnet activity involves monitoring network traffic for unusual patterns and identifying communication with known C2 infrastructure. Effective defense includes timely patching of vulnerable systems, blocking C2 domains or IPs based on threat intelligence, and isolating infected hosts to prevent further spread or damage. Coordinated efforts to disrupt botnet infrastructure can reduce their operational impact.
Weekly headline count for the current query.
The NetNut proxy network and the ‘Popa’ botnet are known to have infected devices with variants of Mirai DDoS botnets
Operators of the malicious Glassworm botnet have been targeting software developers since at least early 2025
FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices
New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts
SystemBC malware linked to 10,000 infected IPs, posing risks to sensitive government infrastructure
Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet
The GoBruteforcer botnet has been observed targeting exposed Linux servers on services like FTP and MySQL
A global law enforcement operation has taken down the Rhadamanthys infostealer, VenomRAT trojan and the Elysium botnet
New campaign merges traditional malware with DevOps tools, using GitHub CodeSpaces for DDoS attacks
A 22-year-old Oregon man has been charged with administering the Rapper Bot DDoS-for-hire Botnet
A cryptomining botnet active since 2019 has incorporated likely AI-generated Lcryx ransomware into its operations
A new malware campaign uses GitHub to deliver payloads via Amadey botnet, bypassing email distribution
SecurityScorecard has discovered a covert cyber-espionage botnet dubbed “LapDogs” linked to China
The FBI says mainly Chinese-made IoT devices pose a threat from Badbox 2.0 malware
The criminal proxy network infected thousands of IoT and end-of-life devices, creating dangerous botnet
A new ransomware campaign is automating LockBit deployment via the Phorpiex botnet, according to Cybereason
SecurityScorecard revealed that the large-scale password spraying campaign can bypass MFA and security access policies by utilizing Non-interactive sign-ins
A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices
The US government said that China based firm Integrity Technology Group provided infrastructure for Flax Typhoon to attack multiple US targets
Androxgh0st botnet has expanded, integrating Mozi IoT payloads and targeting web server vulnerabilities