FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Learn more about this malware targeting these devices.
A newly discovered global cyber threat is rapidly expanding, infecting tens of thousands of internet-connected devices to launch powerful cyberattacks.
Russian threat actors combine domain name vulnerabilities with hidden router proxy techniques to scale their attacks while remaining shielded from detection.
The Qualys Threat Research Unit has uncovered a large-scale, ongoing operation within the Mirai campaign, dubbed Murdoc Botnet.
Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras.
U.S. officials say the sanctioned Chinese firm provided botnet infrastructure for the China-backed hacking group Flax Typhoon
FortiGuard Labs recently noticed that attackers still use and deliver two different botnets via D-Link exposing a HNAP interface weakness. Learn more.
Discover the latest insights on the Quad7 / 7777 botnet in our detailed analysis. Learn about the expansion of this resilient threat, its targeting patterns, and proactive measures to defend against compromised routers. Stay informed with our up-to-date findings and recommendations.
Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.
New Gorilla botnet launches over 300,000 DDoS attacks globally, exploiting IoT devices and Apache Hadoop flaws.
Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.
The Akamai Security Intelligence and Response Team (SIRT) has observed a botnet campaign that is abusing several previously exploited vulnerabilities, as well as a zero-day vulnerability discovered by the SIRT.
CVE-2024-7029 (discovered by Aline Eliovich) is a command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE).
Once injected, the botnet spreads a Mirai variant with string names that reference the COVID-19 virus that has been seen since at least 2020.
We have included a list of indicators of compromise (IOCs) to assist in defense against this threat.
Aqua Nautilus researchers discovered a new variant of Gafgyt targeting machines with weak SSH passwords.
Sekoia.io investigated the mysterious 7777 botnet (aka. Quad7 botnet), published by the independent researcher Gi7w0rm inside the “The curious case of the 7777 botnet” blogpost.
This investigation allowed us to intercept network communications and malware deployed on a TP-Link router compromised by the Quad7 botnet in France.
To our understanding, the Quad7 botnet operators leverage compromised TP-Link routers to relay password spraying attacks against Microsoft 365 accounts without any specific targeting.
Therefore, we link the Quad7 botnet activity to possible long term business email compromise (BEC) cybercriminal activity rather than an APT threat actor.
However, certain mysteries remain regarding the exploits used to compromise the routers, the geographical distribution of the botnet and the attribution of this activity cluster to a specific threat actor.
The insecure architecture of this botnet led us to think that it can be hijacked by other threat actors to install their own implants on the compromised TP-Link routers by using the Quad7 botnet accesses.
Chinese nationals Yunhe Wang, Jingping Liu, and Yanni Zheng have been sanctioned by the U.S. Treasury Department for operating the residential proxy service 911 S5, which was a botnet comprised of over 19 million residential IP addresses that had been used to support various cybercrime groups' COVID-19 relief scams and bomb threats, Ars Technica reports.
A court-authorized international law enforcement operation led by the U.S. Justice Department disrupted a botnet used to commit cyber attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations.
Ivanti Connect Secure (ICS) devices are under attack! Two critical vulnerabilities are being exploited to deploy the notorious Mirai botnet.
FortiGuard Labs discovered the new botnet “Goldoon” targeting D-Link devices through related vulnerability CVE-2015-2051.
