Botnet
China-linked JDY botnet expands targeting of U.S. military networks
The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. According to researchers at Black Lotus Labs by Lumen, who have been monitoring its activity, JDY maintains a strong focus on the United States, where many of its compromised devices are […]
C0XMO botnet spreads via DD-WRT router flaw, kills rival malware
A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures. The researchers found samples for ARM, MIPS, PowerPC, SuperH, x86, x86_64, and other architectures, featuring exploits for DVRs, routers, video management platforms, and Android-based devices. The botnet was seen targeting […]
Dutch govt disrupts malware botnet with 17 million infected devices
Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. The action was carried out following an investigation from the Police in collaboration with the country’s cybersecurity agency, the National Cyber Security Centre (NCSC). According to the authorities, the […]
US and Canada arrest and charge suspected Kimwolf botnet admin
U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide. 23-year-old Jacob Butler (also known online as “Dort”) was arrested by Canadian authorities in Ottawa on Wednesday pursuant to an extradition warrant. According to a criminal complaint unsealed on Thursday […]
Google accidentally exposed details of unfixed Chromium flaw
Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device. The flaw was reported by security researcher Lyra Rebane and acknowledged as valid in December 2022, as per the thread on Chromium Issue Tracker. […]
Russian hackers turn Kazuar backdoor into modular P2P botnet
The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. Secret Blizzard, whose activity overlaps that of Turla, Uroburos, and Venomous Bear, has been associated with the Russian intelligence service (FSB) and is known for targeting government and diplomatic […]
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. The Gentlemen ransomware-as-a-service (RaaS) operation emerged around mid-2025 and provides a Go-based locker that can encrypt Windows, Linux, NAS, and BSD systems, and a […]
Manager of botnet used in ransomware attacks gets 2 years in prison
A Russian national has been sentenced to two years in prison after admitting that the phishing botnet he managed was used to launch BitPaymer ransomware attacks against 72 U.S. companies. According to court documents, 40-year-old Ilya Angelov (who used the “milan” and “okart” online handles) decided to travel to the United States to plead guilty and […]
International joint action disrupts world’s largest DDoS botnets
Authorities from the United States, Germany, and Canada have taken down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices. The joint law enforcement action also targeted virtual servers, internet domains, and other infrastructure used by the four botnets to launch hundreds of […]
US disrupts SocksEscort proxy network powered by Linux malware
Law enforcement agencies in the U.S. and Europe, along with private partners, have disrupted the SocksEscort cybercrime proxy network that relied solely on edge devices compromised via the AVRecon malware for Linux. According to Lumen’s Black Lotus Labs (BLL), which helped the U.S. Department of Justice take down Socksescort, the proxy network had a constant average of 20,000 […]