Tag: botnet
-
GRU-Linked APT28 Uses MooBot Botnet and Compromised EdgeRouters for Cyber Operations
A notable operational pivot by the GRU-linked intrusion set APT28 (aka Fancy Bear, Sofacy, Forest Blizzard, Pawn Storm) that combines the MooBot botnet and compromised EdgeRouters to enable resilient cyber operations. This shift amplifies APT28’s long-standing focus on NATO, Ukrainian and critical-infrastructure targets by moving key capabilities from traditional cloud VPS and commodity hosting into…
-
JDY Botnet Evolves After KV Takedown, Targets Military Networks
JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen’s Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance network tied to Chinese state-sponsored hacking groups including Volt Typhoon. The network was first spotted in late 2023 as a cluster inside KV-botnet. The U.S. government…
-
China-Linked JDY Botnet Hijacks 1,500+ IoT Devices for Rapid Exploits
A significant resurgence of the JDY botnet, a covert reconnaissance network tied to China-nexus threat activity. Once a component of the larger KV-botnet ecosystem, JDY has expanded to more than 1,500 compromised small office/home office (SOHO) and Internet of Things (IoT) devices and now functions as a high-performance, centrally controlled scanner that accelerates vulnerability discovery…
-
JDY botnet expands, enabling rapid exploitation of disclosed vulnerabilities
First seen on scworld.com Jump to article: www.scworld.com/brief/jdy-botnet-expands-enabling-rapid-exploitation-of-disclosed-vulnerabilities
-
Digital Turf Wars: Botnet C0XMO Wipes Out Rival Malware
The new Gafgyt malware variant C0XMO attacks DD-WRT routers via a vulnerability and eliminates competing malware on the devices. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/rivalisierende-malware-vernichtet
-
Silent Ransom Group Uses Fast Flux Botnet to Hide Law Firm Leak Sites
Cybersecurity firm Resecurity reports Silent Ransom Group is using a fast flux botnet to hide data leak sites while targeting law firms with theft and vishing. First seen on hackread.com Jump to article: hackread.com/silent-ransom-group-fast-flux-botnet-leak-sites/
-
IoT Botnet C0XMO Adds Competitor-Killing Capability
C0XMO is a new Gafgyt botnet variant exploiting old router flaws, spreading across IoT devices, killing rivals, and enabling large-scale DDoS attacks. In March 2026, FortiGuard Labs discovered a new variant of the Gafgyt botnet, dubbed C0XMO, which is noticeably more capable than its predecessors. The malware spreads through CVE-2021-27137, a stack buffer overflow in…
-
C0XMO botnet spreads via DD-WRT router flaw, kills rival malware
A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-wrt-router-flaw-kills-rival-malware/
-
New Gafgyt Variant Targets Linux Systems With Modular Spread Tactics
A new Gafgyt-family botnet, tracked as C0XMO, marks a notable technical shift in IoT malware design: the separation of scanning and propagation into distinct components and multi-architecture payloads that maximize reach across heterogeneous Linux devices. The operator delivered C0XMO by exploiting CVE-2021-27137, a stack buffer overflow in the UPnP SSDP parser of vulnerable DD-WRT firmware…
-
Dutch authorities disrupt massive botnet of 17 million devices
First seen on scworld.com Jump to article: www.scworld.com/brief/dutch-authorities-disrupt-massive-botnet-of-17-million-devices
-
Botnet dismantled: 17 million devices secretly abused as proxies
The botnet was controlled via roughly 200 servers hosted in the Netherlands. The infected devices include PCs, smartphones and routers. First seen on golem.de Jump to article: www.golem.de/news/botnetz-zerschlagen-17-millionen-geraete-heimlich-als-proxy-missbraucht-2606-209238.html
-
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), consisted of at least 17 million infected devices. More than 200 servers located in the…
-
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should’ve patched years ago. Good times. Phishing crews are getting smarter too – less obvious…
-
RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers
Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers. First seen on hackread.com Jump to article: hackread.com/rondodox-botnet-2018-vulnerability-hijack-asus-routers/
-
RondoDox Botnet Exploits 2018 Flaw in Asus Routers
Botnet Operators Execute First Known Exploit of Nearly Decade-Old Flaw. Operators behind a botnet picked up on a nearly decade-old flaw in Asus routers allowing an unauthenticated attacker to achieve remote code execution as a root user. VulnCheck began observing exploitation of the Asus vulnerability on May 17. First seen on govinfosecurity.com Jump to article:…
-
23-Year-Old Canadian Charged in KimWolf Botnet Operation
DOJ Says KimWolf Powered Massive DDoS-for-Hire Operations. U.S. prosecutors charged a Canadian man accused of operating the KimWolf botnet, alleging the DDoS-for-hire platform compromised nearly two million IoT devices and powered attacks that reached record traffic volumes worldwide. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/23-year-old-canadian-charged-in-kimwolf-botnet-operation-a-31757
-
Canadian man arrested, charged for running KimWolf DDoS botnet
In court documents unsealed on Thursday, the Justice Department said Jacob Butler ran KimWolf as a DDoS-for-hire service that infected over a million devices worldwide. First seen on therecord.media Jump to article: therecord.media/canadian-man-arrested-charged-running-kimwolf-botnet
-
Authorities arrest 23-year-old accused of running the Kimwolf botnet
Canadian authorities arrested a 23-year-old Ottawa man accused of running the Kimwolf DDoS botnet. The US is now seeking extradition. US authorities have charged 23-year-old Jacob Butler (aka “Dort”), an Ottawa resident, for allegedly operating the recently disrupted Kimwolf botnet. Authorities arrested the suspect in Canada; he could face up to 10 years in prison…
-
Botnet: 23-year-old Canadian arrested for operating a botnet
The suspect is accused of having offered the Kimwolf botnet as a DDoS-for-hire service. First seen on golem.de Jump to article: www.golem.de/news/botnetz-23-jaehriger-kanadier-wegen-botnetz-betrieb-verhaftet-2605-208979.html
-
Suspected KimWolf botnet admin arrested over DDoS-for-hire operation
U.S. and Canadian authorities arrested and charged a Canadian man accused of operating the KimWolf DDoS botnet, a service linked to attacks that infected more than one million … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/22/kimwolf-ddos-botnet-administrator-arrested/
-
US and Canada arrest and charge suspected Kimwolf botnet admin
U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-and-canada-arrest-and-charge-suspected-kimwolf-botnet-admin/
-
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be…
-
Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada
Jacob Butler, a 23-year-old from Ottawa, awaits extradition to the United States and faces up to 10 years in prison. First seen on cyberscoop.com Jump to article: cyberscoop.com/kimwolf-botnet-alleged-administrator-jacob-butler-arrested-canada/
-
P2PInfect Botnet Targets Kubernetes via Exposed Redis
A persistent P2PInfect botnet campaign targeting Google Kubernetes Engine (GKE) clusters through exposed Redis instances, highlighting how a single cloud misconfiguration can enable long-term compromise. In several investigated environments, attackers maintained access for up to six months, with consistent botnet activity detected through FortiCNAPP composite alerts. The intrusion chain began with publicly exposed Redis services,…
-
AI Botnets Drive Surge in Financial Sector DDoS Attacks
Akamai Links Attack Growth to AI-Enabled Botnets and Hacktivists. Akamai says AI-enabled botnets, geopolitical hacktivism and financially motivated cybercriminals drove a massive rise in DDoS, API and web attacks against global financial services firms in 2025, with banks suffering the majority of incidents. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ai-botnets-drive-surge-in-financial-sector-ddos-attacks-a-31730
-
Void Botnet Leverages Ethereum for Resilient C2
A newly identified botnet, named Void, is leveraging Ethereum smart contracts to build a resilient, hard-to-disrupt command-and-control (C2) infrastructure, marking a continued evolution in blockchain-enabled cybercrime. Discovered in March 2026 and advertised on a Russian-language cybercrime forum, Void Botnet follows closely behind the earlier Aeternum C2 campaign documented by Qrator Labs, but introduces notable differences…

