Russian Script Kiddie Builds Massive DDoS Botnet

Guest
Cyber Crime
December 2, 2024

Key Details	Information
Threat Actors	Individual attacker tracked as “Matrix” by Aqua Nautilus.
Campaign Overview	A Russian attacker uses publicly available tools to assemble a DDoS botnet targeting IoT devices and enterprise servers. The botnet is monetized through Telegram, offering tiered DDoS services.
Target Regions (or Victims)	Primary focus: China and Japan (high density of IoT devices); targets include IoT devices, cloud environments (AWS, Azure, Google Cloud).
Methodology	Scans for unpatched IoT vulnerabilities and weak configurations; exploits outdated RCE vulnerabilities; brute-forces weak/default passwords; modifies public tools for customization.
Product Targeted	IoT devices (routers, DVRs, cameras, telecom equipment); cloud servers; enterprise environments (Telnet, SSH, Hadoop YARN, Apache HugeGraph).
Malware Reference	Tools include Mirai, Pybot, Pynet, SSH Scan Hacktool, Discord Go; modified versions used in the campaign.
Tools Used	Publicly available tools like Mirai and Pybot; brute-force scripts for credential attacks; vulnerabilities from CVEs (e.g., CVE-2014-8361, CVE-2024-27348).
Vulnerabilities Exploited	Older and newer RCE vulnerabilities in IoT devices and servers (e.g., CVE-2014-8361, CVE-2017-17215, CVE-2018-10561, CVE-2024-27348); weak credentials on IoT devices and enterprise servers.
TTPs	Exploiting unpatched vulnerabilities; brute-forcing credentials; targeting cloud environments and IoT devices; offering DDoS-as-a-service through Telegram.
Attribution	Russian attacker; campaign linked to GitHub activity starting in November 2023; leveraging basic but widespread attack techniques.
Recommendations	Change default passwords and secure credentials; apply firmware updates; monitor and patch known vulnerabilities; secure administrative protocols; use network visibility tools to detect unusual traffic.
Source	Darkreading

Read full article:https://www.darkreading.com/cyberattacks-data-breaches/russian-script-kiddie-assembles-massive-ddos-botnet

Disclaimer: The above summary has been generated by an AI language model

Leave a Reply Cancel reply