Security researchers have identified a botnet called Dark Frost that directly targets the gaming industry and is made up of code stolen from similar projects such as Mirai and Qbot.
Botnets like Mirai draw a lot of attention, but the online world is full of smaller projects built by threat actors that lack that level of infamy, at least for now. The attacker took code from several known pieces of malware, including Gafgyt, Qbot and Mirai, and built his own threat.
The attacker targeted misconfigured Hadoop YARN servers that would allow him to deploy this threat through remote code execution.
“Exploitation of this YARN misconfiguration has been growing in popularity as of late, as it has not been assigned a CVE, and it allows a threat actor to trick the server into downloading and running their malicious binary,” explained the Akamai security researchers. “However, it should be noted that this vulnerability has been in existence since 2014, making it far from a novel technique.”
What makes this botnet even more interesting is that the author not only doesn’t try to hide his identity, he’s actually claiming responsibility for attacks and boasting about the software’s capabilities.
“It has launched DDoS attacks at gaming companies, game server hosting providers, online streamers, and even other members of the gaming community who the threat actor interacted with directly,” the researchers added. “The actor behind these attacks has published live recordings of their attacks for all to see.”
Even with his cobbled-together botnet, the attacker managed to launch DDoS attacks peaking at 629.28 Gbps, enough to disrupt online services even for large companies.
The criminal targeted servers with an old security problem, but still, he compromised hundreds of them. Even a low-level actor can inflict substantial damage; just imagine what a well-funded group can accomplish.
Silviu is a seasoned writer who has followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.