Tag Archives: botnets

Thousands of hacked TP-Link routers used in years-long account takeover attacks

Hackers working on behalf of the Chinese government are using a botnet of thousands of routers, cameras, and other Internet-connected devices to perform highly evasive password spray attacks against users of Microsoft’s Azure cloud service, the company warned Thursday. The malicious network, made up almost entirely of TP-Link routers, was first documented in October 2023…

US sanctions operators of “free VPN” that routed crime traffic through user PCs

The US Treasury Department has sanctioned three Chinese nationals for their involvement in a VPN-powered botnet with more than 19 million residential IP addresses they rented out to cybercriminals to obfuscate their illegal activities, including COVID-19 aid scams and bomb threats. The criminal enterprise, the Treasury Department said Tuesday, was…

Hacker free-for-all fights for control of home and office routers everywhere

Cybercriminals and spies working for nation-states are surreptitiously coexisting inside the same compromised name-brand routers as they use the devices to disguise attacks motivated both by financial gain and strategic espionage, researchers said. In some cases, the coexistence is peaceful, as financially motivated hackers provide spies with access to already compromised routers…

Thousands of phones and routers swept into proxy service, unbeknownst to users

Crooks are working overtime to anonymize their illicit online activities using thousands of devices of unsuspecting users, as evidenced by two unrelated reports published Tuesday. The first, from security firm Lumen Labs, reports that roughly 40,000 home and office routers have been drafted into a criminal enterprise that anonymizes illicit…

Attack wrangles thousands of web users into a password-cracking botnet

Attackers have transformed hundreds of hacked sites running WordPress software into command-and-control servers that force visitors’ browsers to perform password-cracking attacks. A web search for the JavaScript that performs the attack showed it was hosted on 708 sites at the time this post went live on Ars, up from 500…

Linux devices are under attack by a never-before-seen worm

For the past year, previously unknown self-replicating malware has been compromising Linux devices around the world and installing cryptomining malware that takes unusual steps to conceal its inner workings, researchers said. The worm is a customized version of Mirai, the botnet malware that infects Linux-based servers, routers, Web cameras, and…

Microsoft discovers Windows/Linux botnet used in DDoS attacks

Microsoft researchers have discovered a hybrid Windows-Linux botnet that uses a highly efficient technique to take down Minecraft servers and performs distributed denial-of-service attacks on other platforms. Dubbed MCCrash, the botnet infects Windows machines and devices running various distributions of Linux for use in DDoS…

Botnet that hid for 18 months boasted some of the coolest tradecraft ever

It’s not the kind of security discovery that happens often. A previously unknown hacker group used a novel backdoor, top-notch tradecraft, and software engineering to create an espionage botnet that was largely invisible in many victim networks. The group, which security firm Mandiant is calling…

One of the most powerful DDoSes ever targets cryptocurrency platform

A cryptocurrency platform was recently on the receiving end of one of the biggest distributed denial-of-service attacks ever after threat actors bombarded it with 15.3 million requests, content delivery network Cloudflare said. DDoS attacks can be measured in several ways, including by the volume of…