DDoS botnet
Coverage of DDoS botnet in the Nexus archive.
- AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
A new malware family called AryStinger is infecting 4,300 legacy home routers to create a reconnaissance and proxy network, distinct from typical DDoS botnets. QiAnXin's XLab identified the malware, which focuses on pre-attack reconnaissance rather than direct attacks.
- US and Canada arrest and charge suspected Kimwolf botnet admin
U.S. and Canadian authorities arrested and charged a Canadian man for operating the KimWolf DDoS botnet, which compromised nearly two million devices globally. The coordinated international law enforcement action targets the suspected administrator of the malicious botnet network.
- Canadian man arrested by international authorities, charged with administrating KimWolf DDoS botnet
A Canadian man has been arrested by Canadian authorities and charged in the U.S. District of Alaska with operating the KimWolf DDoS botnet, which targeted internet-connected devices. The criminal complaint was unsealed following his arrest, marking a coordinated international law enforcement action against the cybercriminal infrastructure.
- Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Threat actors are exploiting CVE-2024-3721, a medium-severity command injection vulnerability in TBK DVRs and end-of-life TP-Link Wi-Fi routers, to deploy the Mirai-botnet variant Nexcorium. Fortinet FortiGuard Labs and Palo Alto Networks Unit 42 have identified this attack, which hijacks devices for DDoS botnet operations.