Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet
The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said.
Stay informed on botnet trends, attacks, and defenses. Get the latest updates and expert insights on botnet threats in information security.
Search across headline titles and summaries.
Background for this topic.
A botnet is a network of compromised internet-connected devices controlled remotely by an attacker through malware. These devices, known as bots, receive commands from centralized or decentralized command-and-control (C2) servers to perform coordinated actions such as launching Distributed Denial of Service (DDoS) attacks, sending spam, or distributing additional malware. Botnets vary in size and complexity, often leveraging vulnerabilities in devices or weak authentication to propagate.
In information security, botnets pose significant risks including large-scale service disruptions from DDoS attacks and the unauthorized use of infected devices for malicious activities. Detecting botnet activity involves monitoring network traffic for unusual patterns and identifying communication with known C2 infrastructure. Effective defense includes timely patching of vulnerable systems, blocking C2 domains or IPs based on threat intelligence, and isolating infected hosts to prevent further spread or damage. Coordinated efforts to disrupt botnet infrastructure can reduce their operational impact.
The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said.
ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks
This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet.
On a plus side, their code's not very good A new Linux botnet is using the infamous Log4j vulnerability to install rootkits and steal data.…
The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found
The Emotet malware botnet is taking advantage of the 2022 U.S. tax season by sending out malicious emails pretending to be the Internal Revenue Service sending tax forms or federal returns. [...]
A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, installing rootkits, creating reverse shells, and acting as web traffic proxies. [...]
A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits
Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet. [...]
Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet. [...]