Trustwave’s honeypot network across six countries reveals how Mirai, Mozi, and Kinsing botnets targeted enterprise applications to upload web shells and recruit devices into botnets for DDoS or cryptomining. The report details leveraging PoCs and CVEs (GoAnywh…
Tag: IOT
SCARLETEEL 2.0 expands into AWS Fargate and Kubernetes, refining its cloud-focused toolkit to steal credentials, escalate privileges, and mine cryptocurrency while evading newer security controls. Sysdig Threat Research Team documents a more resilient C2 archi…
Trend Micro analyzes Red Menshen’s BPFDoor variants that abuse Berkeley Packet Filter (BPF) in Linux and Solaris to bypass network protections. The analysis tracks the backdoor’s evolution from early 30-instruction filters to newer, more complex variants with …
Microsoft researchers uncovered a campaign targeting internet-facing Linux-based systems and IoT devices that uses a patched OpenSSH to take control of devices and deploy cryptomining malware, backdoors, and rootkits. The operation leverages a hijacked OpenSSH…
Check Point researchers traced Camaro Dragon, a China-based espionage actor, deploying self-propagating USB malware (WispRider/HopperTick) that could spread globally from Southeast Asia, with DLL side-loading and antivirus evasion. The operation combines USB…
Unit 42 outlines a Mirai variant campaign targeting IoT devices since March 2023, exploiting a wide set of IoT vulnerabilities to recruit devices into a botnet used for DDoS and other attacks. The campaigns share infrastructure and malware characteristics, wit…
Check Point Research identified ongoing phishing campaigns that abuse legitimate form services to harvest credentials and exfiltrate data, helping attackers evade detection. The attackers rely on HTML attachments masquerading as login pages and employ services…
Trend Micro analyzes Earth Preta (Mustang Panda) activity in 2023, detailing new arrival vectors (MIROGO, QMAGENT, TONEDROP) and a TONESHELL variant with a custom C&C protocol. The report also exposes the threat actor’s download infrastructure (fake Google Dri…
ASEC reports that Tsunami DDoS Bot, also known as Kaiten, was installed on poorly managed Linux SSH servers along with ShellBot, XMRig CoinMiner, and Log Cleaner. The campaign begins with dictionary or brute-force SSH access, followed by downloading and deploy…
Chinese Threat Actor Used Modified Cobalt Strike Variant to Attack Taiwanese Critical Infrastructure
A Chinese threat actor operated a modified Cobalt Strike variant, “Cobalt Strike Cat,” to attack Taiwanese government entities and critical infrastructure. The campaign covered recon, exploitation of remote code execution vulnerabilities, credential theft, and…
FortiGuard Labs documents RapperBot expanding from a DDoS botnet into cryptojacking on Intel x64 machines by merging the bot with an XMRig miner. The campaign updates include a revamped C2 protocol, multi-layer encoding to evade detection, and SSH-key persiste…
Raspberry Robin is a global USB-based malware campaign that acts as a loader, delivering ransomware operators and other loaders to target networks. It propagates via infected USB drives, uses legitimate Windows binaries to execute payloads, and relies on compr…
Zero Day Initiative — TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal
Zero Day Initiative flagged Mirai expanding its toolkit by incorporating CVE-2023-1389 to target TP-Link Archer AX21 routers, with evidence of active exploitation starting in April after TP-Link’s patch. The malware downloads and executes architecture-specific…
ShellBot is being distributed to poorly managed Linux SSH servers, leveraging SSH credential brute-forcing and IRC-based C2 channels to control infected hosts. The report details three ShellBot variants (LiGhT’s Modded perlbot v2, DDoS PBot v2.0, and PowerBots…
ChinaZ DDoSBot has been found installed on poorly managed Linux SSH servers, turning compromised hosts into bots capable of performing DDoS attacks. The article details Linux and Windows variants, their C2 communications, persistence mechanisms, and defender g…