A significant evolution in distributed denial-of-service (DDoS) malware has been detected, with the latest version of XorDDoS continuing to spread globally between November 2023 and February 2025.

“We discovered the latest version of the XorDDoS controller, called the ‘VIP version,’ and its corresponding central controller were used to build the DDoS bot network for more sophisticated and widespread attacks,” noted Cisco Talos in their recent analysis. This central controller enables threat actors to manage multiple XorDDoS sub-controllers simultaneously, significantly enhancing their ability to coordinate large-scale attacks.

The malware primarily propagates through SSH brute-force attacks, attempting numerous root credential combinations across thousands of servers until it successfully gains access to vulnerable Linux devices. Once inside a system, XorDDoS deploys sophisticated persistence mechanisms, ensuring automatic execution at system startup while effectively evading detection by security products.

Cisco Talos researchers identified that over 70 percent of attacks using XorDDoS targeted the United States during the monitoring period. The geographic impact extends beyond the United States, with compromised systems attempting to target and attack several countries including Spain, Taiwan, Canada, Japan, Brazil, and numerous European nations.
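Because the article describes the initial access vector as repeated root password attempts over SSH, the most useful thing a defender can do with it is watch for that pattern in their own authentication logs. The following Python script is an added example written for this page; it is not code from Cisco Talos, from the article, or from the malware. It assumes standard syslog-style sshd lines (as found in /var/log/auth.log or /var/log/secure), a constructed set of sample lines, an assumed log year of 2025 (syslog timestamps carry none), and an arbitrary alert threshold of five failed root logins within 60 seconds from one source address. It also reports the more important signal: a successful root password login from an address that had just produced a failure burst, which is what a completed brute-force compromise looks like in the log.

```python
"""Flag SSH password brute-force bursts against root in auth.log-style lines.

Added example for this page; not the article's or Cisco Talos' code.
Assumptions: syslog-format sshd lines, log year 2025, thresholds chosen here.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real telemetry from the article).
# 203.0.113.7: burst of root failures followed by a successful root login.
# 198.51.100.9: a couple of stray failures, below any sensible threshold.
# 192.0.2.55: five failures spread over 12 minutes (low-and-slow).
SAMPLE_AUTH_LOG = """\
Apr 17 10:00:01 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 40211 ssh2
Apr 17 10:00:03 host1 sshd[2202]: Failed password for root from 203.0.113.7 port 40212 ssh2
Apr 17 10:00:05 host1 sshd[2203]: Failed password for root from 203.0.113.7 port 40213 ssh2
Apr 17 10:00:06 host1 sshd[2204]: Failed password for root from 203.0.113.7 port 40214 ssh2
Apr 17 10:00:08 host1 sshd[2205]: Failed password for root from 203.0.113.7 port 40215 ssh2
Apr 17 10:00:09 host1 sshd[2206]: Failed password for root from 203.0.113.7 port 40216 ssh2
Apr 17 10:00:11 host1 sshd[2207]: Accepted password for root from 203.0.113.7 port 40217 ssh2
Apr 17 10:02:40 host1 sshd[2310]: Failed password for invalid user admin from 198.51.100.9 port 51000 ssh2
Apr 17 10:02:44 host1 sshd[2311]: Failed password for root from 198.51.100.9 port 51001 ssh2
Apr 17 10:05:00 host1 sshd[2402]: Failed password for root from 192.0.2.55 port 60001 ssh2
Apr 17 10:08:00 host1 sshd[2403]: Failed password for root from 192.0.2.55 port 60002 ssh2
Apr 17 10:11:00 host1 sshd[2404]: Failed password for root from 192.0.2.55 port 60003 ssh2
Apr 17 10:14:00 host1 sshd[2405]: Failed password for root from 192.0.2.55 port 60004 ssh2
Apr 17 10:17:00 host1 sshd[2406]: Failed password for root from 192.0.2.55 port 60005 ssh2
Apr 17 10:20:00 host1 sshd[2500]: Accepted publickey for deploy from 10.0.0.5 port 44000 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." as sshd writes them.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line, year=2025):
    """Return a dict for an sshd auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps have no year; the caller supplies one (assumed here).
    ts_text = " ".join(m["ts"].split())  # normalise "Apr  7" -> "Apr 7"
    ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_root_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {ip: info} for sources with >= threshold failed root logins
    inside a sliding window of window_seconds. info records the total
    failure count and whether a root *password* login succeeded from that
    source at or after the burst (the compromise signal)."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in events:
        if e["user"] != "root":
            continue
        bucket = failures if e["result"] == "Failed" else successes
        bucket[e["ip"]].append(e["ts"])

    alerts = {}
    window = timedelta(seconds=window_seconds)
    for ip, times in failures.items():
        times.sort()
        start = 0
        burst_end = None
        for end in range(len(times)):
            # Slide the window start forward until it spans <= window.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = times[end]
                break
        if burst_end is None:
            continue  # never reached threshold inside one window
        compromised = any(t >= burst_end for t in successes.get(ip, []))
        alerts[ip] = {"failures": len(times), "root_login_after_burst": compromised}
    return alerts


if __name__ == "__main__":
    for ip, info in detect_root_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {info['failures']} root failures, "
              f"root login after burst: {info['root_login_after_burst']}")
```

With the default thresholds only 203.0.113.7 is flagged, and it is flagged with `root_login_after_burst` set, which is the event worth paging on rather than the failures themselves. The low-and-slow source 192.0.2.55 only shows up if the window is widened (for example ten minutes with a threshold of three), which is the usual trade-off between catching patient scanners and generating noise; disabling SSH password authentication for root removes the attack surface the article describes regardless of tuning.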
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 18 Apr 2025 09:20:12 +0000