On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security exper

The U.S. Department of Justice (DOJ) seized a Russian-controlled proxy server known as RSOCKS. In a statement released on Thursday, the DOJ stated that the infrastructure of the large-sized botnet RSOCKS had been completely dismantled. The Russian-operated botnet is responsible for hacking millions of computers and other connected electronic devices. A messa

Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. While the coordinated action did n

The U.S. Department of Justice (DoJ) announced to have shut down the infrastructure associated with the Russian botnet RSOCKS. The U.S. Department of Justice (DoJ) announced to have shut down the infrastructure associated with the Russian botnet RSOCKS as part of an international police operation that involved law enforcement partners from Germany, the Ne

The United States on Thursday announced the takedown of a botnet operated by Russian cybercriminals that ensnared millions of devices worldwide.Dubbed “RSOCKS,” the botnet initially targeted Internet of Things (IoT) devices – including industrial control systems, routers, content streaming devices, and various smart devices – but later expanded to compromisi

The U.S. Department of Justice has announced the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT (Internet of Things) devices worldwide for use as proxy servers.The law enforcement operation involved the FBI and police forces in Germany, the Netherlands, and the United Kingdom, where the botn

Security and web performance services provider Cloudflare this week announced that it has mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 26 million requests-per-second (RPS).Considered the largest HTTPS DDoS attack on record, the assault was launched by a botnet of roughly 5,000 devices.According to Cloudflare, the att

Researchers discovered a new Golang-based peer-to-peer (P2P) botnet, dubbed Panchan, targeting Linux servers in the education sector since March 2022. Akamai security researchers discovered a new Golang-based P2P Botnet, tracked as Panchan, that is targeting Linux servers that has been active since March 2022. Panchan uses basic SSH dictionary attack

A new peer-to-peer botnet named Panchan appeared in the wild around March 2022,  targeting Linux servers in the education sector to mine cryptocurrency.Panchan is empowered with SSH worm functions like dictionary attacks and SSH key abuse to perform rapid lateral movement to available machines in the compromised network.At the same time, it has powerful

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 06, 2022. I’ve also included some comments on these stories.Another nation-state actor exploits Microsoft Follina to attack Eur

Several botnets are now using exploits targeting a critical remote code execution (RCE) vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs.Successful exploitation of this flaw (tracked as CVE-2021-26084) allows unauthenticated attackers to create new admin accounts, execute commands, and ultimately ta

There’s no shortage of reasons why an SMB might use Linux to run their business: There are plenty of distros to choose from, it’s (generally) free, and perhaps above all — it’s secure. The common wisdom goes that Linux malware is rare, and for the most part this is true. Thanks to its built-in security defenses, strict user privilege model, and transparen

The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at Symantec. Researchers at Symantec’s Threat Hunter Team uncovered a cryptomining operation that has potentially made the actors behind it at least $1.7 million in illicit gains. The bot focuses on cryptocurrency mining and crypto

Cybercriminals operating the Clipminer botnet have raked in at least $1.7 million in illicit gains to date, according to an estimate by security researchers at Symantec.Spreading via trojanized cracked or pirated software, the Clipminer trojan shows similarities with the cryptomining trojan KryptoCibule, suggesting that it could be either a copycat or an evo

A new version of the XLoader botnet is implementing a new technique to obscure the Command and Control infrastructure. Researchers from Check Point have discovered a new version of the XLoader botnet, which implements significant enhancements, such as a new technique to obscure the Command and Control infrastructure XLoader has been observed since 2020