
New grouping Diicot has expanded its attacks from cryptojacking to DDoS attacks


The hackers use a previously unknown tool to brute-force SSH server passwords, as well as the new Cayosin botnet.

According to researchers at Cado Security, the Romanian hacker group Diicot, which previously engaged in cryptojacking and sold malware as a service (Malware-as-a-Service, MaaS), is now also capable of conducting DDoS attacks against its targets.

The researchers found that Diicot (formerly known as Mexals) uses the Mirai-based Cayosin botnet to infect routers running the Linux-based OpenWrt OS. The Cayosin botnet has several modules for different types of attacks, including HTTP flood, UDP flood, SYN flood and TCP flood.

The Diicot group also uses Discord to communicate with its command-and-control (C2) server and to receive commands to launch attacks. The researchers gained access to one of the Discord channels Diicot used for this campaign and found that the group had attacked several sites, including those of government organizations and educational institutions.

Diicot is a relatively new hacker group whose name matches that of the Romanian Organized Crime and Terrorism Investigation Authority (DIICOT). The group has been active since 2020 and employs a variety of goals and tactics.

Diicot uses SSH password-guessing malware that had not previously been discovered or published in public repositories. The group also uses the Shell Script Compiler (shc) and a modified version of the UPX executable packer to make its payloads harder to analyse.

To protect against the attack, users are advised to harden SSH by enforcing key-based authentication on their SSH instances and adding firewall rules that restrict which IP addresses can reach them. It is also necessary to update router firmware and use strong passwords to prevent infection by the Cayosin botnet.
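Since the campaign starts with SSH password guessing, a defender will want to spot it in authentication logs. The following is an added example, not code from the article or from Cado Security: it scans constructed sshd log lines (assumed syslog format and year), flags source addresses that exceed a threshold of failed password logins inside a time window, and notes whether a password login from that source later succeeded, which is the signal that the guessing worked.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd lines (RFC 5737 documentation addresses), not real log data.
SAMPLE_LOG = """\
Jun 10 03:14:01 host sshd[2210]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun 10 03:14:03 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Jun 10 03:14:04 host sshd[2212]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jun 10 03:14:06 host sshd[2213]: Failed password for root from 203.0.113.7 port 40125 ssh2
Jun 10 03:14:09 host sshd[2214]: Failed password for pi from 203.0.113.7 port 40131 ssh2
Jun 10 03:14:12 host sshd[2215]: Accepted password for pi from 203.0.113.7 port 40140 ssh2
Jun 10 03:20:00 host sshd[2290]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Jun 10 03:21:00 host sshd[2291]: Accepted publickey for alice from 198.51.100.4 port 51002 ssh2
"""

# Traditional syslog sshd line; "invalid user" prefix appears for unknown accounts.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ASSUMED_YEAR = "2023"  # syslog timestamps carry no year; assumption for parsing only

def parse(log_text):
    """Yield (timestamp, result, method, user, ip) for each recognised sshd line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["method"], m["user"], m["ip"]

def find_brute_force(log_text, threshold=5, window_s=60):
    """Return {ip: {"failures", "users", "success_after"}} for sources with at least
    `threshold` failed password logins within any `window_s`-second window."""
    fails = defaultdict(list)   # ip -> timestamps of password failures inside the window
    users = defaultdict(set)    # ip -> usernames tried from that source
    flagged = {}
    for ts, result, method, user, ip in parse(log_text):
        if method != "password":
            continue            # key-based logins are not part of a guessing campaign
        if result == "Failed":
            users[ip].add(user)
            fails[ip] = [t for t in fails[ip] if (ts - t).total_seconds() <= window_s] + [ts]
            if len(fails[ip]) >= threshold:
                flagged[ip] = {"failures": len(fails[ip]), "users": sorted(users[ip]),
                               "success_after": False}
        elif ip in flagged:
            flagged[ip]["success_after"] = True  # password accepted after a burst of failures
    return flagged

if __name__ == "__main__":
    for ip, info in find_brute_force(SAMPLE_LOG).items():
        print(ip, info)
```

Sources that appear with `success_after` set should be treated as a likely compromised host rather than a blocked scan, since the advised fix (keys only, firewalled SSH) prevents exactly this outcome.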


Source: www.securitylab.ru
