
Novel RustoBot botnet leverages router exploits to target tech sector


Technology industry organizations in Mexico, Japan, Taiwan, and Vietnam were targeted over the first two months of 2025 with attacks involving the newly emergent RustoBot botnet, which leverages TOTOLINK and DrayTek router vulnerabilities to facilitate distributed denial-of-service intrusions, according to GBHackers News.

Exploitation of several TOTOLINK and DrayTek command injection flaws has enabled the Rust-based RustoBot to remotely execute arbitrary system commands, including those that allow self-propagation to devices of varying architectures, a report from Fortinet showed. After evading detection by concealing its configuration with an XOR encryption algorithm, RustoBot proceeds with command-and-control server domain resolution and DDoS attack execution via the Raw IP, TCP, and UDP protocols, said Fortinet researchers, who noted that the intrusions are conducted using a structured command system. Organizations have been urged to mitigate the threat of RustoBot by not only bolstering endpoint monitoring and authentication systems but also strengthening cybersecurity training programs for their employees.
