DeadBolt ransomware targeted NAS devices (notably QNAP and ASUSTOR) with a multitiered extortion scheme that includes both victim and vendor payout options and a web-based ransom interface. The report highlights DeadBolt’s configuration-driven, automated appro…
Tag: IOT
CrowdStrike data show Mirai variants built for Intel-powered Linux systems more than doubling in Q1 2022 versus Q1 2021, with 32-bit x86 builds rising the most. Mirai continues to expand across Linux devices—from IoT to servers—by exploiting unpatched flaws su…
Check Point Research details the Twisted Panda operation, a Chinese state-sponsored espionage campaign targeting Rostec’s defense institutes in Russia (and possibly Belarus), leveraging sanctions-based lures and novel tools like SPINNER and a multi-layer loade…
Trend Micro’s Managed XDR investigated a Kingminer botnet attack that targeted an MSSQL server by abusing obfuscated PowerShell and VBScript, leading to a fileless miner deployment. The findings trace the attack chain from initial exploitation through payload …
FortiGuard Labs observed a new DDoS botnet named Enemybot, attributed to Keksec, that borrows code from Gafgyt and Mirai while using obfuscation and a Tor-hidden C2 to complicate takedowns. It targets routers from Seowon Intech and D-Link and leverages a wide …
Beastmode, a Mirai-based DDoS campaign, rapidly expanded its exploit arsenal in early 2022 by adding multiple TOTOLINK-focused vulnerabilities, enabling broader device infections and botnet growth. The campaign leverages publicly released exploit code, uses shell scripts downloaded via wget, and culminates in a suite of DDoS capabilities; users are urged to update affected firmware. #Beastmode #Totolink
SentinelLabs describes AcidRain, an ELF MIPS wiper that targets modems and routers to overwrite flash storage, in the context of the KA-SAT outage tied to the Russia-Ukraine conflict. The report also notes potential overlaps with VPNFilter/Sandworm activity an…
Avast Threat Labs connects Meris, TrickBot, and Glupteba campaigns to a single C2 that covertly controls roughly 230,000 MikroTik routers in a botnet-as-a-service. The research traces exploitation of CVE-2018-14847, wides…
Trend Micro analyzes Cyclops Blink, a modular botnet linked to Sandworm that targets ASUS routers (and WatchGuard Firebox devices) and lists more than 150 current and historical C2 servers. The report details the malware’s architecture, encryption, and persist…
EnemyBot is a Linux-based botnet targeting a broad range of Linux devices with multi-architecture ELF payloads. The report details its infection chain, capabilities (network scanning, flooding, and data exfiltration), observed indicators of compromise, and mit…
Ukrainian banks and government websites were targeted by a moderate DDoS campaign attributed to the Katana botnet, a Mirai variant used to flood services. Preparation for the attack appears to have begun as early as February 13, with delivery through exploited…
Cases of malicious e-mails sent to Russian companies have become more frequent. Attackers write on behalf of banks, large airlines, car dealers and mass media. They offer cooperation to companies and advise opening the attached file, which supposedly contains details about a good deal. If the user do…