Organizations in the U.S., Canada, and Germany were targeted last month in attacks by the newly discovered Zergeca distributed denial-of-service (DDoS) botnet, The Hacker News reports.
Most of the attacks, observed from early to mid-June, were ACK floods, but Zergeca carries additional capabilities that give it more flexibility, according to a report from QiAnXin XLab researchers, who traced the attacks to a command-and-control (C2) address that had been used to distribute the Mirai botnet last September.
Further examination of Zergeca revealed four modules covering persistence, proxying, removal of competing cryptominer and backdoor malware, and device takeover, said the researchers, who also noted that the botnet supports six different DDoS attack methods.
"The built-in competitor list shows familiarity with common Linux threats. Techniques like modified UPX packing, XOR encryption for sensitive strings, and using DoH to hide C2 resolution demonstrate a strong understanding of evasion tactics," the researchers added.
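Two of the tactics in that quote, XOR-obfuscated strings and a modified UPX header, are things an analyst runs into during triage. The Python below is an added example written for this page, not XLab's analysis code or anything recovered from Zergeca: the sample bytes are constructed inline, the single-byte XOR key scheme and the `dns-query` DoH path used as a search hint are assumptions, and the UPX check is a heuristic based on the stock packer's `UPX!` magic and `$Info` banner, not on any detail the report states.

```python
"""Triage helpers for two evasion tactics: XOR-obfuscated strings and a
modified UPX header.  Added example, not XLab's or Zergeca's code.  The
sample bytes are constructed here; the single-byte XOR key scheme and the
'dns-query' DoH path hint are assumptions, not details stated on the page."""
import string

PRINTABLE = set(string.printable.encode())   # bytes accepted in a decoded string


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one single-byte key (0..255)."""
    return bytes(b ^ key for b in data)


def recover_xor_strings(blob: bytes, hint: bytes, min_len: int = 6) -> list[tuple[int, str]]:
    """Brute-force all 255 non-zero single-byte keys over `blob` and return
    (key, string) pairs for NUL-terminated runs that are fully printable and
    contain `hint`.  The hint matters: with plain-ASCII plaintext, any key
    that differs from the real one by a small delta (e.g. 0x01) still yields
    an all-printable run, so printability alone is not a usable filter."""
    hits = []
    for key in range(1, 256):
        decoded = xor_bytes(blob, key)
        for run in decoded.split(b"\x00"):
            if len(run) >= min_len and hint in run and all(c in PRINTABLE for c in run):
                hits.append((key, run.decode("ascii")))
    return hits


UPX_MAGIC = b"UPX!"
UPX_INFO = b"$Info: This file is packed with the UPX executable packer"


def upx_header_status(data: bytes) -> str:
    """Heuristic only.  A stock UPX build leaves the 'UPX!' magic (and
    normally the $Info banner) in the output file.  A binary that still
    carries the banner but has lost the magic is a candidate for patched
    UPX packing and will not unpack with a plain `upx -d`."""
    if UPX_MAGIC in data:
        return "standard"
    if UPX_INFO in data:
        return "modified"
    return "none"


# --- constructed sample data (assumption: single-byte key 0x5A, DoH URL) ---
KEY = 0x5A
PLAINTEXT = b"https://dns.google/dns-query\x00/bin/busybox\x00"
SAMPLE_BLOB = xor_bytes(PLAINTEXT, KEY)


def demo():
    """Recover the DoH endpoint from the constructed blob and classify three
    constructed ELF-like prefixes by their UPX markers."""
    hits = recover_xor_strings(SAMPLE_BLOB, hint=b"dns-query")
    statuses = {
        "stock":    upx_header_status(b"\x7fELF" + UPX_MAGIC + UPX_INFO),
        "patched":  upx_header_status(b"\x7fELF" + b"\x00\x00\x00\x00" + UPX_INFO),
        "unpacked": upx_header_status(b"\x7fELF" + b"no packer markers here"),
    }
    return hits, statuses


if __name__ == "__main__":
    print(demo())
```

In practice the hint is whatever you already suspect the sample contains (a DoH resolver path, a competitor process name from the "competitor list", a `/proc` path); a real modified packer may also strip the `$Info` banner, so treat "none" as "not stock UPX", not as "not packed".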