Cyberveille, curated by Decio
47 results tagged Botnet
New Rust Botnet "RustoBot" is Routed via Routers https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers
23/04/2025 08:30:04

FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Learn more about this malware targeting these devices.

fortinet EN 2025 TOTOLINK Botnet Rust Routers RustoBot malware
New DDoS Botnet Discovered: Over 30,000 Hacked Devices, Majority of Observed Activity Traced to Iran https://www.greynoise.io/blog/new-ddos-botnet-discovered
03/03/2025 20:46:23

A newly discovered global cyber threat is rapidly expanding, infecting tens of thousands of internet-connected devices to launch powerful cyberattacks.

greynoise EN 2025 analysis botnet internet-connected devices to Iran
How A Large-Scale Russian Botnet Operation Stays Under the Radar https://blogs.infoblox.com/threat-intelligence/one-mikro-typo-how-a-simple-dns-misconfiguration-enables-malware-delivery-by-a-russian-botnet/
26/01/2025 12:15:21

Russian threat actors combine domain name vulnerabilities with hidden router proxy techniques to scale their attacks while remaining shielded from detection.

infoblox EN 2025 Mikrotik Botnet Russia proxy Large-Scale
Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai | Qualys Security Blog https://blog.qualys.com/vulnerabilities-threat-research/2025/01/21/mass-campaign-of-murdoc-botnet-mirai-a-new-variant-of-corona-mirai
21/01/2025 17:43:02

The Qualys Threat Research Unit has uncovered a large-scale, ongoing operation within the Mirai campaign, dubbed Murdoc Botnet.

qualys EN 2025 Murdoc Botnet Mirai analysis
IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 https://www.trendmicro.com/en_us/research/25/a/iot-botnet-linked-to-ddos-attacks.html
20/01/2025 08:53:40

Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras.

trendmicro EN 2025 malware iot research report cyber-threats DDoS IoT botnet cameras
US sanctions Chinese cyber firm linked to Flax Typhoon hacks | TechCrunch https://techcrunch.com/2025/01/03/us-sanctions-chinese-cyber-firm-linked-to-flax-typhoon-hacks/
04/01/2025 10:44:34

U.S. officials say the sanctioned Chinese firm provided botnet infrastructure for the China-backed hacking group Flax Typhoon

techcrunch EN 2025 US China Flax-Typhoon botnet sanction Integrity-Technology-Group
Botnets Continue to Target Aging D-Link Vulnerabilities https://www.fortinet.com/blog/threat-research/botnets-continue-to-target-aging-d-link-vulnerabilities
27/12/2024 11:35:17

FortiGuard Labs recently noticed that attackers still use and deliver two different botnets via D-Link exposing a HNAP interface weakness. Learn more.

fortinet EN 2024 D-Link botnet HNAP CAPSAICIN FICORA
PROXY.AM Powered by Socks5Systemz Botnet https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
14/12/2024 11:08:56
  • Socks5Systemz, identified last year during large-scale distribution campaigns involving Privateloader, Smokeloader, and Amadey, has actually been active since 2013.
  • This malware was sold as a standalone product or integrated into other malware as a SOCKS5 proxy module. Such malware included, at least, Andromeda, Smokeloader and Trickbot.
  • In recent months, Bitsight TRACE investigated a Socks5Systemz botnet with 250,000 compromised systems at its peak, geographically dispersed across almost every country in the world.
  • The proxy service PROXY.AM, active since 2016, exploits the botnet to provide its users with proxy exit nodes and enable them to pursue broader criminal objectives.
bitsight EN 2024 PROXY.AM Socks5Systemz Botnet criminal
Botnet 7777: Are You Betting on a Compromised Router? https://www.team-cymru.com/post/botnet-7777-are-you-betting-on-a-compromised-router
01/11/2024 10:20:17

Discover the latest insights on the Quad7 / 7777 botnet in our detailed analysis. Learn about the expansion of this resilient threat, its targeting patterns, and proactive measures to defend against compromised routers. Stay informed with our up-to-date findings and recommendations.

team-cymru EN 2024 Quad7 analysis botnet
A glimpse into the Quad7 operators' next moves and associated botnets https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets/
01/11/2024 10:18:13

Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.

sekoia EN 2024 Quad7 botnet CovertNetwork-1658 analysis
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html
07/10/2024 12:52:27

New Gorilla botnet launches over 300,000 DDoS attacks globally, exploiting IoT devices and Apache Hadoop flaws.

thehackernews EN 2024 Gorilla Botnet DDoS Attacks
A glimpse into the Quad7 operators' next moves and associated botnets https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets/#h-conclusion
11/09/2024 20:35:54

Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.

sekoia EN 2024 Quad7 botnet toolset backdoors analysis
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt
29/08/2024 16:36:22
  • The Akamai Security Intelligence and Response Team (SIRT) has observed a botnet campaign that is abusing several previously exploited vulnerabilities, as well as a zero-day vulnerability discovered by the SIRT.

  • CVE-2024-7029 (discovered by Aline Eliovich) is a command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE).

  • Once injected, the botnet spreads a Mirai variant with string names that reference the COVID-19 virus that has been seen since at least 2020.

  • We have included a list of indicators of compromise (IOCs) to assist in defense against this threat.

akamai EN 2024 botnet Mirai AVTECH zero-day vulnerability CCTV CVE-2024-7029
Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments https://www.aquasec.com/blog/gafgyt-malware-variant-exploits-gpu-power-and-cloud-native-environments/
15/08/2024 08:37:48

Aqua Nautilus researchers discovered a new variant of Gafgyt targeting machines with weak SSH passwords.

aquasec EN 2024 Gafgyt Malware SSH passwords botnet GPU Power cloud
Solving the 7777 Botnet enigma: A cybersecurity quest https://blog.sekoia.io/solving-the-7777-botnet-enigma-a-cybersecurity-quest/
23/07/2024 23:57:07
  • Sekoia.io investigated the mysterious 7777 botnet (aka. Quad7 botnet), published by the independent researcher Gi7w0rm inside the “The curious case of the 7777 botnet” blogpost.

  • This investigation allowed us to intercept network communications and malware deployed on a TP-Link router compromised by the Quad7 botnet in France.

  • To our understanding, the Quad7 botnet operators leverage compromised TP-Link routers to relay password spraying attacks against Microsoft 365 accounts without any specific targeting.

  • Therefore, we link the Quad7 botnet activity to possible long term business email compromise (BEC) cybercriminal activity rather than an APT threat actor.

  • However, certain mysteries remain regarding the exploits used to compromise the routers, the geographical distribution of the botnet and the attribution of this activity cluster to a specific threat actor.

  • The insecure architecture of this botnet led us to think that it can be hijacked by other threat actors to install their own implants on the compromised TP-Link routers by using the Quad7 botnet accesses.

sekoia EN 2024 7777 botnet research Quad7 TP-Link routers
Operators of 911 S5 residential proxy service subjected to US sanctions https://www.scmagazine.com/brief/operators-of-911-s5-residential-proxy-service-subjected-to-us-sanctions
30/05/2024 10:15:48

Chinese nationals Yunhe Wang, Jingping Liu, and Yanni Zheng have been sanctioned by the U.S. Treasury Department for operating the residential proxy service 911 S5, which was a botnet comprised of over 19 million residential IP addresses that had been used to support various cybercrime groups' COVID-19 relief scams and bomb threats, Ars Technica reports.

scmagazine EN 2024 911 S5 residential-proxy botnet US China Operators arrested
Office of Public Affairs | 911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation | United States Department of Justice https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation
30/05/2024 10:12:16

A court-authorized international law enforcement operation led by the U.S. Justice Department disrupted a botnet used to commit cyber attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations.

justice.gov EN 2024 911 S5 Botnet Dismantled press-release US
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html?m=1
12/05/2024 13:10:11

Ivanti Connect Secure (ICS) devices are under attack! Two critical vulnerabilities are being exploited to deploy the notorious Mirai botnet.

thehackernews EN 2024 Mirai Botnet Ivanti Connect Payload
New “Goldoon” Botnet Targeting D-Link Devices https://www.fortinet.com/blog/threat-research/new-goldoon-botnet-targeting-d-link-devices
03/05/2024 08:38:05

FortiGuard Labs discovered the new botnet “Goldoon” targeting D-Link devices through related vulnerability CVE-2015-2051.

fortinet EN 2024 Research FortiGuard Threat botnet Labs Goldoon D-Link CVE-2015-2051
Unplugging PlugX: Sinkholing the PlugX USB worm botnet https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
26/04/2024 08:01:32

Learn about our process for collecting telemetry data from PlugX worm-infected workstations, as well as how to disinfect them.

botnet Sinkhole sekoia USB worm PlugX EN 2024