US disrupts botnet used by Russia-linked APT28 threat group

The US government has disrupted a network of routers that were being used by the Russia-linked threat group APT28 to conceal malicious cyber activities. 

"These crimes included vast spear-phishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as US and foreign governments and military, security, and corporate organisations," said the US Department of Justice (DoJ) in a statement.

APT28, tracked by...

‘Pandoraspear’ botnet hijacks smart TVs and boxes

Cybercrime syndicate Bigpanzi stands accused of orchestrating a massive Distributed Denial of Service (DDoS) botnet named 'Pandoraspear'.

Pandoraspear has reportedly infected potentially millions of smart TVs and set-top boxes, with at least 170,000 bots actively running during the campaign's peak.

The infection mechanism primarily targets Android-based smart TVs and streaming hardware, exploiting users who visit dubious streaming sites on their smartphones. Upon...

P2PInfect malware variant targets IoT devices

Cybersecurity researchers from Cado Security Labs have uncovered a novel variant of the P2PInfect botnet that poses a heightened risk by targeting IoT devices.

The latest P2PInfect variant – compiled for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture – signifies an expansion of the malware's capabilities, potentially paving the way for widespread infections.

Security researcher Matt Muir highlighted the significance of targeting MIPS,...

Fronton botnet can launch trending disinformation campaigns

A Russian IoT botnet known as Fronton can use coordinated inauthentic behaviour to launch disinformation trends on social media.

“Trends” on social media platforms are how many people keep up to date with what’s going on in the world. There’s growing awareness that not everything posted under a trend should be believed – especially around developing events like terror attacks – but there’s often an assumption that a topic is trending because enough real people are posting...

Mirai variant ‘Beastmode’ exploits fresh vulnerabilities

A variant of the Mirai botnet called Beastmode has been observed exploiting recently-discovered vulnerabilities.

The Mirai botnet is composed primarily of IoT and embedded devices. In 2016, Mirai made national headlines when it used compromised connected devices to overwhelm several high-profile targets with record-setting Distributed Denial-of-Service (DDoS) attacks.

Mirai’s original creator was arrested in the fall of 2018, but variants have continued to emerge which...

Netlab researchers discover IoT botnets HEH and Ttint

Security researchers from Netlab have discovered two new IoT botnets called HEH and Ttint.

Netlab is the network research division of Chinese cybersecurity giant Qihoo 360. The company’s researchers first spotted the Ttint botnet targeting Tenda routers using two zero-day vulnerabilities.

Ttint spreads a remote control trojan based on code from the Mirai malware.

Mirai caused widespread chaos in 2016 when it hit DNS provider Dyn and impacted popular services...

IBM X-Force discovers Mozi botnet accounts for 90% of IoT traffic

Security experts from IBM X-Force have discovered that the Mozi botnet now accounts for 90 percent of traffic from IoT devices.

Mozi evolved from the source code of infamous malware families such as Mirai, IoT Reaper, and Gafgyt. The botnet is capable of DDoS attacks, data exfiltration, and command or payload execution.

IoT devices with weak security, predominantly unpatched routers and DVRs, are sought by Mozi to add to its ranks. Mozi has compromised popular routers...

Bitdefender: New botnet is targeting millions of IoT devices

Security researchers from Bitdefender have uncovered a new botnet which is targeting millions of IoT devices.

The so-called dark_nexus botnet seeks to infect common IoT devices like smart cameras, routers, and more. Bitdefender named it dark_nexus after the string that appears in its user agent when it carries out exploits over HTTP: “dark_NeXus_Qbot/4.0”.

Qbot is another IoT malware from which dark_nexus takes inspiration. Bitdefender found some code from Qbot, and the...