Tag: botnet
All entries tagged botnet.
- Google, FBI, Lumen and Shadowserver disrupt the NetNut (Popa) residential-proxy botnet
- Operation Endgame
- Cisco Talos: a field guide to Windows COM abuse — ITaskService, BITS, WMI and DCOM as EDR-evasion primitives
- Operation Endgame dismantles the Amadey and StealC malware-as-a-service backbone
- AryStinger: a reconnaissance-and-proxy botnet built on end-of-life D-Link routers and QNAP NAS
- Law-enforcement momentum — Operation Endgame expands, Silver Fox mass-arrest, Conti loader plea
- Krebs and Qurium tie the "Popa" Android-TV residential-proxy botnet to a NASDAQ-listed proxy vendor
- Microsoft details a USB-LNK worm with Tor hidden-service C2 driving a cryptocurrency clipboard hijacker
- Shai-Hulud / Miasma supply-chain worm lineage — open-sourced, ported to PyPI, and a 1,500-package AUR wave
- Black Lotus Labs: the Volt Typhoon-linked JDY botnet doubles to 1,500+ devices and weaponises CVE disclosures within hours
- FortiGuard documents C0XMO, a cross-platform Gafgyt variant propagating through a five-year-old DD-WRT UPnP flaw
- University of Toronto / Vector Institute: a self-propagating worm that runs open-weight LLMs on compromised hosts to synthesise per-target exploits
- GoDaddy documents WordPress malware using Steam profile comments as a Unicode-steganography C2 resolver
- Sekoia consolidates Gamaredon tooling under GammaPhish / GammaWorm, details an NTFS-ADS USB+network worm
- Gamaredon — GammaPhish / GammaWorm / GammaSteel: Russian FSB campaign with USB worm and S3 exfiltration (Sekoia TDR part one)
- Gamaredon: GammaPhish → GammaWorm (NTFS ADS + USB) → GammaSteel (S3 exfil) — the week's most complete intrusion kill-chain disclosure
- Dutch Police + NCSC dismantle Asocks residential-proxy botnet (~17 M devices, 200 NL-hosted servers seized)
- CrowdStrike, Google and Shadowserver simultaneously sever all four C2 channels of the GlassWorm developer-targeting botnet (not to be confused with the Nx Console / TanStack GitHub-publish chain in § 5) — Russia-attributed, active since early 2025
- Asocks residential-proxy botnet — Dutch Police + NCSC dismantle ~17M-device infrastructure hosted in the Netherlands
- Kimwolf / "Dort" DDoS-for-hire operator arrested — 30+ Tbps IoT botnet, U.S. DoD-range targeting, AISURU variant
- TeamPCP / Shai-Hulud — first copycat wave (Phantom Bot + SSH/cloud stealers), Checkmarx Jenkins plugin trojanised again, PCPJack rival worm hits exposed cloud services