
Significantly improved XorDDoS malware variant examined


Distributed denial-of-service malware XorDDoS has been enhanced with a more advanced controller as it continued to proliferate around the world from November 2023 to February 2025, according to Cyber Security News.

While more than 70% of intrusions involving the malware during the same period were aimed at the U.S., XorDDoS' latest "VIP version" controller and central controller let operators manage multiple sub-controllers simultaneously and expanded attacks against Canada, Brazil, Japan, Taiwan, and several countries across Europe, a report from Cisco Talos showed. XorDDoS infiltrates Linux devices through SSH brute-force attacks, establishes persistence via cron jobs and init scripts, uses the XOR key "BB2FA36AAA9541F0" to decrypt its configuration, and employs an advanced encryption tactic to evade security software. Based on an analysis of the language settings in its multi-layer controller, builder, and controller binding tool, the malware is also suspected to be operated by Chinese-speaking threat actors.
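The repeating-key XOR configuration decryption mentioned above is easy to reproduce for triage. The following is an added example, not code from the SC Media article or from the Cisco Talos report: it decodes a configuration blob with the key quoted in the article, splits it into fields, and checks whether a captured sample still decrypts to readable text under that key. The NUL-terminated field layout and the configuration strings themselves are constructed placeholders, not real indicators.

```python
"""Added example (not from the SC Media article or the Cisco Talos report):
decode a XorDDoS-style configuration blob with the repeating XOR key quoted
in the article, and run a triage check that a sample still uses that key.
The configuration fields and their NUL-terminated layout are constructed
assumptions for this example."""

XOR_KEY = b"BB2FA36AAA9541F0"  # key quoted in the article


def xor_with_key(data: bytes, key: bytes = XOR_KEY) -> bytes:
    """XOR every byte of data with the key, repeating the key as needed.
    XOR is its own inverse, so one function both encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decrypt_config(blob: bytes, key: bytes = XOR_KEY) -> list[str]:
    """Decrypt a blob and split it into NUL-terminated fields (assumed layout)."""
    plain = xor_with_key(blob, key)
    return [f.decode("ascii", errors="replace") for f in plain.split(b"\x00") if f]


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or NUL/tab/newline/CR."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 0x20 <= b < 0x7F or b in (0x00, 0x09, 0x0A, 0x0D))
    return ok / len(data)


def uses_known_key(blob: bytes, key: bytes = XOR_KEY, threshold: float = 0.9) -> bool:
    """Triage check: does decrypting with the known key yield mostly text?
    A low ratio suggests the sample changed its key or its encoding."""
    return printable_ratio(xor_with_key(blob, key)) >= threshold


def find_xor_strings(blob: bytes, key: bytes = XOR_KEY, min_len: int = 6) -> list[str]:
    """Return printable runs of at least min_len bytes after XOR-decoding,
    the same idea as running `strings` over the decoded blob."""
    runs, cur = [], bytearray()
    for b in xor_with_key(blob, key):
        if 0x20 <= b < 0x7F:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            runs.append(cur.decode("ascii"))
        cur = bytearray()
    if len(cur) >= min_len:
        runs.append(cur.decode("ascii"))
    return runs


# Constructed sample: placeholder C2 address, drop path and a numeric flag.
SAMPLE_FIELDS = ["c2.example.invalid:3502", "/tmp/placeholder-dropper", "3"]
SAMPLE_CONFIG = b"".join(f.encode("ascii") + b"\x00" for f in SAMPLE_FIELDS)
ENCRYPTED_SAMPLE = xor_with_key(SAMPLE_CONFIG)  # what an analyst would carve out

if __name__ == "__main__":
    print("encrypted:", ENCRYPTED_SAMPLE.hex())
    print("fields:", decrypt_config(ENCRYPTED_SAMPLE))
    print("strings:", find_xor_strings(ENCRYPTED_SAMPLE))
    print("known key:", uses_known_key(ENCRYPTED_SAMPLE),
          "wrong key:", uses_known_key(ENCRYPTED_SAMPLE, b"\xff" * 16))
```

The check in `uses_known_key` is a quick way to confirm that a newly collected sample has not changed its key before spending time on deeper analysis; since the key here is only 16 bytes, a blob that does not start at a key boundary would need each of the 16 key rotations tried, which this example deliberately leaves out.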
