Tag: botnet
-
Qrator Labs Mitigated Record L7 DDoS Attack from 5.76M-Device Botnet
Qrator Labs blocked a record L7 DDoS attack from a 5.76M-device botnet targeting government systems, showing rapid global growth since March. First seen on hackread.com Jump to article: hackread.com/qrator-labs-mitigate-l7-ddos-attack-5-76m-botnet/
-
Massive L7 DDoS Botnet Exploits 5.76M Hijacked Devices for Record Attacks
In a stark reminder of how vulnerable online services remain, Qrator Labs has revealed that a sprawling Layer 7 distributed denial-of-service (DDoS) botnet has swelled to over 5.76 million compromised devices, unleashing unprecedented traffic against critical infrastructures. Monitored since late March, the botnet has been used in a series of three large-scale attacks that demonstrate…
-
Compromised Residential Proxy Networks
Researchers at Censys have analyzed residential proxy networks. In the process, they examined a suspected ORB (Operation Relay Boxes) network that was active in early August 2025 with almost 40,000 devices. Polaredge shows how modern IoT botnets are evolving from short-lived outbreaks into a persistent, globally distributed infrastructure that covertly supports malicious operations over the long term. A deeper understanding of the infrastructure […]…
-
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development. First seen on hackread.com Jump to article: hackread.com/new-docker-malware-blocking-rivals-exposed-apis/
-
When Hackers Pivot and Hospitals Freeze: What the Latest Threats Reveal About Cybercrime’s New Playbook
What do a pharma firm, a hospital service provider, and your smart doorbell have in common? They were all targets in cyberattacks last month. Here’s the August end-of-month threat rundown from the ColorTokens Threat Advisory Team, a peek into how threat actors are rewriting the rules, one zero-day or botnet at a time. And if…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 60
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: The Resurgence of IoT Malware: Inside the Mirai-Based “Gayfemboy” Botnet Campaign; Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth; The Silent, Fileless Threat of VShell; Android backdoor spies on […]…
-
New Stealthy Malware Hijacking Cisco, TP-Link, and Other Routers for Remote Control
FortiGuard Labs has uncovered a sophisticated malware campaign targeting critical infrastructure devices from multiple vendors, with the “Gayfemboy…
-
IoT under siege: The return of the Mirai-based Gayfemboy Botnet
Mirai-based Gayfemboy botnet resurfaces, evolving to target systems worldwide; Fortinet researchers provided details about the new campaign. FortiGuard Labs researchers tracked a new Gayfemboy botnet campaign. The malware exploits known flaws in DrayTek, TP-Link, Raisecom, and Cisco, showing evolved tactics and renewed activity. The Gayfemboy botnet was first identified in February 2024. It borrows the…
-
GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets
Tags: attack, botnet, crypto, cve, cybercrime, cybersecurity, exploit, iot, malicious, vulnerability
Cybersecurity researchers are calling attention to multiple campaigns that leverage known security vulnerabilities and expose Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining infrastructure. The first set of attacks entails the exploitation of CVE-2024-36401 (CVSS score: 9.8), a critical First seen on thehackernews.com Jump to…
-
US Officials Claim to Have Gained Control of the RapperBot
Overview: Recently, US officials claimed to have successfully gained control of RapperBot, effectively curbing this powerful source of DDoS attacks. The operation pinpointed the key figure behind the botnet, Ethan Foltz. According to the investigation, Foltz has been developing and operating RapperBot since 2021, with his residence in Eugene, Oregon, USA. Since its activity, the…
-
US charges Oregon man in vast botnet-for-hire operation
Federal prosecutors called Rapper Bot one of the most powerful DDoS botnets in history. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/us-charges-oregon-man-botnet-for-hire/758293/
-
US cops wrap up RapperBot, one of world’s biggest DDoS-for-hire rackets
Feds say Mirai-spawned botnet blasted 370K attacks before AWS and pals helped yank its servers First seen on theregister.com Jump to article: www.theregister.com/2025/08/21/rapperbot_seized/
-
Oregon Man Charged in Rapper Bot DDoS-for-Hire Case
A 22-year-old Oregon man has been charged with administering the Rapper Bot DDoS-for-hire Botnet First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/oregon-man-charged-in-rapper-bot/
-
22-year-old Operator of ‘Rapper Bot’ Botnet Charged for Launching 3 Tbps DDoS Attack
Federal authorities have charged a 22-year-old Oregon man with operating one of the most powerful distributed denial-of-service (DDoS) botnets ever discovered, marking a significant victory in the ongoing battle against cybercriminal infrastructure. Ethan Foltz of Eugene, Oregon, faces federal charges for allegedly developing and administering the “Rapper Bot…
-
Alleged Rapper Bot DDoS botnet master arrested, charged
US federal prosecutors have charged a man with running Rapper Bot, a powerful botnet that was rented out to launch large-scale distributed denial-of-service (DDoS) attacks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/20/alleged-rapper-bot-ddos-botnet-master-arrested-charged/
-
DOJ takes action against 22-year-old running RapperBot Botnet
DOJ charges 22-year-old Ethan Foltz of Oregon for running RapperBot, a DDoS botnet behind 370K+ attacks in 80+ countries since 2021. The U.S. DOJ charged 22-year-old Ethan Foltz of Oregon for running the RapperBot botnet, used in over 370,000 DDoS-for-hire attacks since 2021. The criminal service is active in over 80 countries. RapperBot enabled large-scale…
-
Feds Seize Powerful DDoS-for-Hire Service ‘Rapper Botnet’
22-Year-Old Oregon Man Charged With Selling DDoS Attacks Using Mirai Variant. Federal prosecutors have charged Oregon man Ethan Foltz, 22, with administering an on-demand service for disrupting websites called Rapper Bot. Resulting distributed-denial-of-service attacks disrupted DeepSeek and X, as well as the U.S. Department of Defense, which is leading the investigation. First seen on govinfosecurity.com…
-
Feds charge alleged administrator of ‘sophisticated’ Rapper Bot botnet
A 22-year-old Oregon man has been charged with running a powerful botnet-for-hire service used to launch hundreds of thousands of cyberattacks worldwide, the U.S. Justice Department said. First seen on therecord.media Jump to article: therecord.media/feds-charge-botnet-admin
-
Oregon Man Charged in Global “Rapper Bot” DDoS-for-Hire Scheme
A massive cybercrime operation tied to one of the internet’s most powerful DDoS-for-hire botnets, Rapper Bot, has been brought down, and at the center of the case is a 22-year-old man from Eugene, Oregon. According to a federal criminal complaint filed on August 6, 2025, in the District of Alaska, Ethan Foltz is alleged to…
-
DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks
A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot. Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice (DoJ) said. The botnet has been used to carry out large-scale DDoS-for-hire attacks…
-
Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator
The DDoS botnet was among the most powerful on record, allegedly exceeding six terabits per second during its largest attack, authorities said. Victims are spread across 80 countries. First seen on cyberscoop.com Jump to article: cyberscoop.com/rapper-bot-ddos-botnet-disrupted/
-
Ballooning PolarEdge Botnet a Suspected Cyberespionage Op
PolarNet Has Hallmarks of an Operational Relay Box. Nearly 40,000 enterprise-grade devices and consumer-class routers, IP cameras and more are infected with malware researchers codenamed PolarEdge, controlled by a botnet of the same name, which experts suspect is designed to hide traffic tied to cyberespionage operations. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ballooning-polaredge-botnet-suspected-cyberespionage-op-a-29246
-
9 things CISOs need to know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-day
New groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases. However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
5 key takeaways from Black Hat USA 2025
Tags: access, api, attack, authentication, botnet, business, cisco, cloud, container, control, credentials, data, endpoint, exploit, firmware, flaw, framework, Hardware, iam, login, malicious, malware, network, password, programming, rce, remote-code-execution, service, software, technology, tool, update, usa, vulnerability, windows
Vaults can be cracked open: Critical vulnerabilities in popular enterprise credential vaults were unveiled by security researchers from Cyata during Black Hat. The flaws in various components of HashiCorp Vault and CyberArk Conjur, responsibly disclosed to the vendors and patched before their disclosure, stemmed from subtle logic flaws in authentication, validation, and policy enforcement mechanisms, as…
-
‘Win-DoS’ Zero-Click Exploit Could Weaponize Windows Infrastructure for DDoS Attacks
Security researchers have uncovered a “zero-click” denial-of-service chain that can silently turn thousands of Microsoft Windows Domain Controllers (DCs) into a globe-spanning botnet, raising fresh alarms in a year already defined by record-breaking distributed-denial-of-service (DDoS) activity. DDoS attacks climbed 56% year-over-year in late-2024 according to Gcore’s latest Radar report, and Cloudflare’s network has already blocked…
-
‘Win-DDoS’: Researchers unveil botnet technique exploiting Windows domain controllers
Research revealed more DoS flaws: SafeBreach researchers also discovered CVE-2025-26673 in DC’s Netlogon service, where crafted RPC calls could crash the service remotely without authentication. By exploiting this weakness, attackers could knock out a critical Windows authentication component, potentially locking users out of domain resources until the system is rebooted. Similarly, CVE-2025-49716 targets Windows Local…
-
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct powerful distributed denial-of-service (DDoS) attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and Shahak Morag, who presented their findings at the DEF CON 33…
-
Modular Malware Suite Sold by Threat Actors Through Public Storefront Domains
A threat actor operating under the moniker Cyber Products has established a public-facing storefront at cyberproducts[.]io to distribute their modular malware suite, dubbed Cyber Stealer. This development marks a shift toward overt commercialization of malicious tools, with additional promotion occurring in clandestine online communities such as Hackforums. The malware, alternatively branded as Cyber Botnet &…
-
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads
Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong. “The botnet’s rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic…

