Tag: botnet
-
US cops wrap up RapperBot, one of world’s biggest DDoShire rackets
Feds say Mirai-spawned botnet blasted 370K attacks before AWS and pals helped yank its servers First seen on theregister.com Jump to article: www.theregister.com/2025/08/21/rapperbot_seized/
-
Oregon Man Charged in Rapper Bot DDoSHire Case
A 22-year-old Oregon man has been charged with administering the Rapper Bot DDoS-for-hire Botnet First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/oregon-man-charged-in-rapper-bot/
-
22-year-old Operator of ‘Rapper Bot’ Botnet Charged for Launching 3 Tbps DDoS Attack
Federal authorities have charged a 22-year-old Oregon man with operating one of the most powerful distributed denial-of-service (DDoS) botnets ever discovered, marking a significant victory in the ongoing battle against cybercriminal infrastructure. Ethan Foltz of Eugene, Oregon, faces federal charges for allegedly developing and administering the >>Rapper Bot
-
Alleged Rapper Bot DDoS botnet master arrested, charged
US federal prosecutors have charged a man with running Rapper Bot, a powerful botnet that was rented out to launch large-scale distributed denial-of-service (DDoS) attacks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/20/alleged-rapper-bot-ddos-botnet-master-arrested-charged/
-
DOJ takes action against 22-year-old running RapperBot Botnet
DOJ charges 22-year-old Ethan Foltz of Oregon for running RapperBot, a DDoS botnet behind 370K+ attacks in 80+ countries since 2021. The U.S. DOJ charged 22-year-old Ethan Foltz of Oregon for running the RapperBot botnet, used in over 370,000 DDoS-for-hire attacks since 2021. The criminal service is active in over 80 countries, RapperBot enabled large-scale…
-
Feds Seize Powerful DDoSHire Service ‘Rapper Botnet’
22-Year-Old Oregon Man Charged With Selling DDoS Attacks Using Mirai Variant. Federal prosecutors have charged Oregon man Ethan Foltz, 22, with administering an on-demand service for disrupting websites called Rapper Bot. Resulting distributed-denial-of-service attacks disrupted DeepSeek and X, as well as the U.S. Department of Defense, which is leading the investigation. First seen on govinfosecurity.com…
-
Feds charge alleged administrator of ‘sophisticated’ Rapper Bot botnet
A 22-year-old Oregon man has been charged with running a powerful botnet-for-hire service used to launch hundreds of thousands of cyberattacks worldwide, the U.S. Justice Department said. First seen on therecord.media Jump to article: therecord.media/feds-charge-botnet-admin
-
Oregon Man Charged in Global “Rapper Bot” DDoSHire Scheme
A massive cybercrime operation tied to one of the internet’s most powerful DDoS-for-hire botnets, Rapper Bot, has been brought down, and at the center of the case is a 22-year-old man from Eugene, Oregon. According to a federal criminal complaint filed on August 6, 2025, in the District of Alaska, Ethan Foltz is alleged to…
-
DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks
A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot.Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice (DoJ) said. The botnet has been used to carry out large-scale DDoS-for-hire attacks…
-
Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator
The DDoS botnet was among the powerful on record, allegedly exceeding six terrabits per second during its largest attack, authorities said. Victims are spread across 80 countries. First seen on cyberscoop.com Jump to article: cyberscoop.com/rapper-bot-ddos-botnet-disrupted/
-
Ballooning PolarEdge Botnet a Suspected Cyberespionage Op
PolarNet Has Hallmarks of an Operational Relay Box. Nearly 40,000 enterprise-grade devices and consumer-class routers, IP cameras and more are infected with malware researchers codenamed PolarEdge, controlled by a botnet of the same name, which experts suspect is designed to hide traffic tied to cyberespionage operations. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ballooning-polaredge-botnet-suspected-cyberespionage-op-a-29246
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
5 key takeaways from Black Hat USA 2025
Tags: access, api, attack, authentication, botnet, business, cisco, cloud, container, control, credentials, data, endpoint, exploit, firmware, flaw, framework, Hardware, iam, login, malicious, malware, network, password, programming, rce, remote-code-execution, service, software, technology, tool, update, usa, vulnerability, windowsVaults can be cracked open: Critical vulnerabilities in popular enterprise credential vaults were unveiled by security researchers from Cyata during Black Hat.The flaws in various components of HashiCorp Vault and CyberArk Conjur, responsibly disclosed to the vendors and patched before their disclosure, stemmed from subtle logic flaws in authentication, validation, and policy enforcement mechanisms, as…
-
Win-DoS’ Zero-Click Exploit Could Weaponize Windows Infrastructure for DDoS Attacks
Security researchers have uncovered a “zero-click” denial-of-service chain that can silently turn thousands of Microsoft Windows Domain Controllers (DCs) into a globe-spanning botnet, raising fresh alarms in a year already defined by record-breaking distributed-denial-of-service (DDoS) activity. DDoS attacks climbed 56% year-over-year in late-2024 according to Gcore’s latest Radar report, and Cloudflare’s network has already blocked…
-
‘Win-DDoS’: Researchers unveil botnet technique exploiting Windows domain controllers
Research revealed more DoS flaws: SafeBreach researchers also discovered CVE-2025-26673 in DC’s Netlogon service, where crafted RPC calls could crash the service remotely without authentication. By exploiting this weakness, attackers could knock out a critical Windows authentication component, potentially locking users out of domain resources until the system is rebooted. Similarly, CVE-2025-49716 targets Windows Local…
-
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct power distributed denial-of-service (DDoS) attacks.The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and Shahak Morag, who presented their findings at the DEF CON 33…
-
Modular Malware Suite Sold by Threat Actors Through Public Storefront Domains
A threat actor operating under the moniker Cyber Products has established a public-facing storefront at cyberproducts[.]io to distribute their modular malware suite, dubbed Cyber Stealer. This development marks a shift toward overt commercialization of malicious tools, with additional promotion occurring in clandestine online communities such as Hackforums. The malware, alternatively branded as Cyber Botnet &…
-
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads
Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong.”The botnet’s rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic…
-
New VoIP Botnet Targets Routers Using Default Passwords
Tags: attack, botnet, cyber, cybersecurity, exploit, intelligence, malicious, password, router, voipCybersecurity researchers have uncovered a sophisticated botnet operation exploiting VoIP-enabled routers through default password attacks, with initial activity concentrated in rural New Mexico before expanding globally to compromise approximately 500 devices. The discovery began when GreyNoise Intelligence engineers noticed an unusual cluster of malicious IP addresses originating from a sparsely populated region of New Mexico…
-
Botnet Abuses GitHub Repositories to Spread Malware
Hackers Using Amadey Bot to Drops Payloads From Fake GitHub Accounts. Threat actors are using public GitHub repositories to host and distribute malware through the Amadey botnet in an ongoing campaign linked to a broader malware-as-a-service operation, Cisco Talos said in a report published Thursday. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/botnet-abuses-github-repositories-to-spread-malware-a-29014
-
Google Sues the Operators Behind the BadBox 2.0 Botnet
Google is suing the operators behind BadBox 2.0, accusing multiple Chinese threat groups of playing different roles in the operation of the massive botnet that rolled up more than 10 million devices to run large-scale ad fraud and other malicious campaigns. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/google-sues-the-operators-behind-the-badbox-2-0-botnet/
-
Google Sues BadBox 2.0 Botnet Operators Behind 10 Million+ Infected Devices
Google has initiated legal proceedings against the operators of BadBox 2.0, identified as the largest botnet comprising internet-connected televisions and other devices. This botnet, uncovered through a collaborative effort with cybersecurity firms HUMAN Security and Trend Micro, has infected over 10 million uncertified devices running the Android Open Source Project (AOSP). Unlike certified Android systems…
-
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
Google on Thursday revealed it’s pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure.”The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android’s open-source software (Android Open Source Project), which lacks Google’s security protections,” First seen…
-
Threat Actors Exploit GitHub Accounts to Host Payloads, Tools, and Amadey Malware Plugins
Cisco Talos researchers identified a sophisticated Malware-as-a-Service (MaaS) operation in April 2025 that employed the Amadey botnet to distribute various payloads. This operation exploited fake GitHub accounts as open directories for hosting malicious payloads, tools, and Amadey plugins, aiming to evade web filtering mechanisms and simplify distribution. By leveraging GitHub’s legitimate domain, threat actors could…
-
AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet
A cryptomining botnet active since 2019 has incorporated likely AI-generated Lcryx ransomware into its operations First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lcryx-ransomware-discovered-crypto/
-
Google sues 25 alleged BadBox 2.0 botnet operators, all of whom are in China
Ads giant complains of damage to its reputation and finances … and crime, too First seen on theregister.com Jump to article: www.theregister.com/2025/07/17/google_sues_25_unnamed_chinese/
-
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices
Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company’s advertising platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-sues-to-disrupt-badbox-20-botnet-infecting-10-million-devices/
-
H2Miner Targets Linux, Windows, and Containers to Illicitly Mine Monero
FortiGuard Labs researchers have uncovered a sophisticated cryptomining campaign where the H2Miner botnet, active since late 2019, has expanded its operations to target Linux, Windows, and containerized environments simultaneously. The campaign represents a significant evolution in cross-platform cryptocurrency mining attacks, with threat actors leveraging updated scripts and infrastructure to maximize financial gains from compromised systems.…
-
Malware-as-a-Service Campaign Exploits GitHub to Deliver Payloads
A new malware campaign uses GitHub to deliver payloads via Amadey botnet, bypassing email distribution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/maas-campaign-github-payloads/
-
Ermittlern gelingt Schlag gegen prorussische Hacker
Durch eine internationale Ermittlungsaktion wurde das Servernetz der prorussischen Hackergruppe NoName057(16) lahmgelegt.Deutsche und internationale Strafverfolgungsbehörden sind bei einer gemeinsamen Aktion gegen die Hackergruppe “NoName057(16)” vorgegangen. Nach Angaben des Bundeskriminalamts (BKA) wurde dabei ein aus weltweit verteilten Servern bestehendes Botnetz abgeschaltet, das für gezielte digitale Überlastungsangriffe auf Internetseiten eingesetzt wurde. Solche sogenannten Distributed Denial of Service (DDoS)-Angriffe…