DailyPost 2920
BOTNET COMPROMISES 200,000 DEVICES
The scale sounds humongous, and so it is. With cyber insecurity surging ahead, it is time all cyber professionals were in the know about things like botnets and their kin, so that they understand what is happening when such compromises occur. For cyber security professionals a very new and challenging world is opening up: a chance to prove your mettle or be subsumed in the surging sea waters. What a botnet is, is the primary question. “A botnet is a network of internet-connected devices that are infected with malware and controlled by a hacker or criminal.”
“Botnet” is a combination of “robot” and “network,” with IoT devices as the prime target because they are cheap, internet-capable and short on security. A botnet can perform DDoS attacks and phishing campaigns. The well known examples are the Dyn attack in 2016 and the Mirai botnet-led attacks in 2023. Now, in 2024, cybersecurity researchers have uncovered a never before seen botnet. The media headline blares, “New ‘Raptor Train’ IoT Compromises Over 200,000 Devices Worldwide”. This botnet has compromised an army of small office/home office (SOHO) and IoT devices. As one would logically expect, in all likelihood it was being operated by the Chinese nation-state actor Flax Typhoon.
What has been the time period of this compromise? According to the cyber security researchers it is safe to accept that it has been operational since at least May 2020, with a peak of 60,000 actively compromised devices in June 2023. This super sophisticated super botnet has been dubbed Raptor Train by Lumen’s Black Lotus Labs. The quantum of infected devices makes it scary: more than 200,000 SOHO routers, NVR/DVR devices, network attached storage (NAS) servers and IP cameras. Even a person newly initiated into tech can visualise the tinderbox this is.
It is one of the largest Chinese state-sponsored IoT botnets discovered to date. As expected, the botnet architecture has three tiers. Tier 1 comprised the compromised SOHO / IoT devices. Tier 2 held the exploitation, payload and command-and-control servers, and Tier 3 held the centralised management nodes and a cross-platform Electron application. Based on the detailed cybersecurity research, the botnet consisted of over 260,000 devices in June 2024, with victims scattered all across the globe, from a maximum of 135,300 in North America to a minimum of 800 in South America. In conclusion, the report indicates that more than 1.2 million records of compromised devices have been identified in a MySQL database hosted on a Tier 3 management server.
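The tiered structure described above means every Tier 1 device (a router, NAS, DVR or IP camera) has to keep calling home to a Tier 2 command-and-control server, and that regular outbound rhythm is something a defender can look for in flow logs. The script below is an added illustration, not code from Black Lotus Labs or from the Raptor Train report: it takes constructed flow records (the addresses, timestamps and device inventory are all made up for this example and are not indicators from the report), groups outbound connections by source, destination and port, and flags pairs whose inter-connection gaps are suspiciously regular. A hypothetical asset inventory is then used to raise the priority of hits from the device classes the report names as Tier 1 targets.

```python
"""Beaconing detector over flow records (added example, constructed data).

Flow records are (seconds_since_capture_start, src_ip, dst_ip, dst_port).
The addresses below come from the RFC 5737 documentation ranges and are
placeholders, not indicators of compromise from any report.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: an IP camera calling the same external host every
# ~300 s with small jitter (the shape of a C2 check-in), a laptop with
# irregular browsing, and a NAS with too few connections to judge.
SAMPLE_FLOWS = [
    # camera -> 203.0.113.5:443, near-constant 300 s period
    *[(t, "10.0.0.21", "203.0.113.5", 443)
      for t in (0, 300, 597, 900, 1200, 1499, 1800, 2100, 2402, 2700, 3000, 3300)],
    # laptop -> 198.51.100.7:443, bursty human-driven traffic
    *[(t, "10.0.0.50", "198.51.100.7", 443)
      for t in (0, 12, 15, 200, 205, 900, 903, 950, 1400, 1402, 2000, 2600)],
    # NAS -> 203.0.113.5:443, only three events: not enough to classify
    (100, "10.0.0.30", "203.0.113.5", 443),
    (400, "10.0.0.30", "203.0.113.5", 443),
    (700, "10.0.0.30", "203.0.113.5", 443),
]

# Hypothetical asset inventory mapping internal addresses to device classes.
DEVICE_INVENTORY = {
    "10.0.0.21": "ip_camera",
    "10.0.0.30": "nas",
    "10.0.0.50": "laptop",
}

# Device classes the report names as Tier 1 targets of the botnet.
IOT_CLASSES = {"soho_router", "nvr_dvr", "nas", "ip_camera"}


def find_beacons(flows, min_events=8, max_cv=0.1):
    """Return (src, dst, port) pairs whose connection gaps are near-periodic.

    A pair is flagged when it has at least `min_events` connections and the
    coefficient of variation (stdev / mean) of the gaps between them is at
    most `max_cv`; human traffic is bursty and scores far higher.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        by_pair[(src, dst, port)].append(ts)

    beacons = []
    for (src, dst, port), times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:
            continue  # duplicate timestamps only; nothing periodic to measure
        cv = pstdev(gaps) / avg_gap
        if cv <= max_cv:
            beacons.append({
                "src": src, "dst": dst, "port": port,
                "events": len(times),
                "mean_gap": round(avg_gap, 1),
                "cv": round(cv, 3),
            })
    return beacons


def prioritize(beacons, inventory):
    """Annotate each hit with its device class and whether it is an IoT target.

    Beacons from IoT classes are listed first, since those are the devices the
    botnet recruits into Tier 1 and the ones least likely to run an agent.
    """
    annotated = []
    for hit in beacons:
        device_class = inventory.get(hit["src"], "unknown")
        annotated.append({**hit, "device_class": device_class,
                          "iot": device_class in IOT_CLASSES})
    return sorted(annotated, key=lambda h: (not h["iot"], h["cv"]))


if __name__ == "__main__":
    for hit in prioritize(find_beacons(SAMPLE_FLOWS), DEVICE_INVENTORY):
        print(f"{hit['device_class']:<10} {hit['src']} -> {hit['dst']}:{hit['port']} "
              f"events={hit['events']} mean_gap={hit['mean_gap']}s cv={hit['cv']} "
              f"iot={hit['iot']}")
```

On the constructed data only the camera is reported (twelve connections, a 300 s mean gap, coefficient of variation around 0.005); the laptop's bursty gaps fail the regularity test and the NAS never reaches the minimum event count. In practice the thresholds need tuning per network, and legitimate periodic traffic (NTP, update checks) will also score as regular, so the destination and device class decide whether a hit is worth escalating.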
THE MULTI-HEADED HYDRA CALLED CYBER WAR KNOWS NO BOUNDS.
Sanjay Sahay
Have a nice evening.