Hackers use the Mirai botnet to launch large-scale Distributed Denial of Service attacks by exploiting vulnerable Internet of Things devices.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month.
NoaBot primarily targets Linux IoT devices for DDoS attacks.
The Mirai botnet was first identified in 2016, and its source code is publicly available, which has led to the appearance of various variants.
NoaBot initially surfaced in early 2023 and is evolving with:-.
Researchers also noted several incidents in which P2PInfect worm samples were dropped, which links the two campaigns.
NoaBot mirrors Mirai's capabilities but diverges in code.
While embedded song lyrics in early samples remain unexplained, the developers of this botnet removed the lyrics in the later versions.
NoaBot alters Mirai by employing a distinct SSH credential dictionary and introducing post-breach functions like:-.
Unlike Mirai, NoaBot is compiled with uClibc, which changes its antivirus detections to SSH scanner or generic trojan signatures, and the following things complicate reverse engineering:-.
The miner is a self-compiled XMRig variant that extracts configurations before execution.
Apart from this, the threat actors evade detection by dynamically modifying the command line, encrypting the pool details, and communicating with Google's DNS for domain resolution.
In 2023, 849 source IPs globally attacked honeypots, with a notable hotspot in China contributing to 10% of all attacks.
Their global activity is quite evenly distributed, according to their geolocation data.
Given that the software is wormable, it stands to reason that each new victim also becomes an attacker.
On the other hand, China is the standout location for all the action.
This Cyber News was published on gbhackers.com. Publication date: Thu, 11 Jan 2024 14:13:43 +0000