Researchers believe Dark Frost was created using stolen/leaked source code from Qbot, Gafgyt, and Mirai malware to carry out DDoS attacks.
Web infrastructure company Akamai’s Security Intelligence Response Team has discovered a new botnet targeting the gaming industry with DDoS attacks.
Akamai security researcher Allen West explained that they had dubbed this botnet Dark Frost. Per their analysis, this botnet is similar to several previously discovered botnets and malware strains, including Qbot, Gafgyt, and Mirai. Researchers believe Dark Frost was created using stolen code from these strains to allow attackers to carry out DDoS attacks successfully.
How Was it Discovered?
Akamai flagged the botnet in February 2023, but its researchers believe the attacker has been active since May 2022. After reverse-engineering the botnet, Akamai researchers reported its attack potential at 629.28 Gbps via a UDP flood attack. The first binary sample was collected on February 28 in Akamai SIRT's HTTP honeypots.
Reportedly, the threat actor targeted misconfigurations in Hadoop YARN servers, which enabled them to conduct remote code execution. This YARN misconfiguration has existed since 2014 but has yet to be assigned a CVE. It lets attackers trick the server into downloading and running their malicious binary.
According to Akamai’s blog post, the most promin ..