Romanian threat operation Diicot, which was initially discovered to be involved in cryptojacking, has been observed distributing the Cayosin botnet, suggesting the group now has the capability to conduct distributed denial-of-service attacks, The Hacker News reports.
Diicot has aimed the botnet, which resembles Mirai and Qbot, at routers running the OpenWrt operating system, according to a Cado Security report.
"The use of Cayosin demonstrates Diicot's willingness to conduct a variety of attacks (not just cryptojacking) depending on the type of targets they encounter," said researchers.
Aside from Cayosin, the threat group was also observed to leverage the Zmap-based Chrome internet scanner, the Update executable, and the History shell script to facilitate cryptominer deployment.
"This campaign specifically targets SSH servers exposed to the internet with password authentication enabled. The username/password list they use is relatively limited and includes default and easily-guessed credential pairs," said researchers, who recommended the implementation of more robust SSH and firewall defenses.