Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025

This network traffic looks legal but it can hide a serious threat

July 2, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Matrix Botnet uses IoT devices in a widespread DDoS botnet campaign
Global Security

Matrix Botnet uses IoT devices in a widespread DDoS botnet campaign

AdminBy AdminNovember 27, 2024No Comments3 Mins Read
Matrix Botnet
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


November 27, 2024Ravi LakshmananIoT Security / Network Security

Matrix botnet

A threat actor called Matrix has been linked to a widespread distributed denial-of-service (DoD) campaign that exploits vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet.

“This operation serves as an end-to-end package for scanning, exploiting vulnerabilities, deploying malware, and configuring shop kits, demonstrating a self-contained approach to cyber attacks,” Assaf Morag, director of threat intelligence at Cloud Security. Aqua company said.

There is evidence that the operation is the work of a lone wolf actor, a screenwriter of Russian origin. The attacks mainly targeted IP addresses in China, Japan and to a lesser extent in Argentina, Australia, Brazil, Egypt, India and the US

The absence of Ukraine in the victimological trail indicates that the attackers are driven solely by financial motives, the cloud security firm said.

Cyber ​​security

Attack chains are characterized by the use of known security flaws and standard or weak credentials to gain access to a wide range of Internet-connected devices such as IP cameras, video recorders, routers and telecommunications equipment.

The attacker was also seen using misconfigured Telnet, SSH, and Hadoop servers with a particular focus on IP address ranges associated with cloud service providers (CSPs) such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.

The malware also relies on a wide variety of public scripts and tools available on GitHub, ultimately deploying the Mirai botnet malware and other DDoS-related programs on compromised devices and servers.

This includes PYbot, pinette, DiscordGo, Homo Networka JavaScript program that implements an HTTP/HTTPS flooding attack and a tool that can disable Microsoft Defender Antivirus on Windows machines.

Matrix botnet

Matrix was also found to be using their own GitHub account, which they opened in November 2023, to host some of the DDoS artifacts used by the company.

The entire offering is also believed to be advertised as a DDoS-for-hire service through a Telegram bot called “Kraken Autobuy,” which allows customers to choose from different tiers in exchange for payment in cryptocurrency to carry out the attacks.

“This campaign, while not particularly sophisticated, demonstrates how available tools and basic technical knowledge can allow individuals to launch a broad, multifaceted attack against multiple vulnerabilities and misconfigurations of networked devices,” Morag said.

Cyber ​​security

“The simplicity of these techniques underscores the importance of applying basic security practices such as changing default credentials, securing administrative protocols, and applying timely firmware updates to protect against widespread opportunistic attacks like this one.”

The disclosure comes as NSFOCUS shines a light on a family of evasive botnets XorBot from November 2023 mainly targeting Intelbras cameras and routers from NETGEAR, TP-Link and D-Link.

“As the number of devices controlled by this botnet increased, the operators behind it also began to actively engage in profitable operations, openly advertising DDoS attack-for-hire services,” the cybersecurity company said in a statement. saidadding that the botnet is advertised under the alias Masjesu.

“At the same time, by adopting advanced techniques such as injecting redundant code and obfuscating signature patterns, they have improved file-level defenses, making it more difficult to monitor and identify their attack.”

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025

This network traffic looks legal but it can hide a serious threat

July 2, 2025

US Sanctions of Russia

July 2, 2025

V0 AI Vercel tool, armed with cybercrime for quick creation pages to enter scale

July 2, 2025

Critical vulnerability in Anthropic MCP exposes machines for remote feats

July 1, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025

This network traffic looks legal but it can hide a serious threat

July 2, 2025

US Sanctions of Russia

July 2, 2025

V0 AI Vercel tool, armed with cybercrime for quick creation pages to enter scale

July 2, 2025

Critical vulnerability in Anthropic MCP exposes machines for remote feats

July 1, 2025

Ta829 and Unk_greensec share tactics and infrastructure in current malware

July 1, 2025

A new drawback in the IDES as a Visual Studio code allows for malicious bypassing bypassing the verified status

July 1, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025

This network traffic looks legal but it can hide a serious threat

July 2, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.