Saturday, May 31, 2025

A Botnet Called “Bondnet” Compromised Thousands of Windows Servers, Performs DDoS and Is Used to Mine Cryptocurrencies


A botnet called “Bondnet” has compromised more than 15,000 machines, including thousands of Windows servers, and controls all of their activity remotely; recently uncovered statistics indicate that Bondnet is used to mine several different cryptocurrencies.

Bondnet appears highly sophisticated: every day more than 2,000 compromised machines, equivalent to roughly 12,000 CPU cores, report to the Bondnet command and control (C&C) server and carry out DDoS attacks.

The botnet attacks victim machines using a variety of public exploits and installs a Windows Management Instrumentation (WMI) trojan that communicates with a command and control (C&C) server; the operation runs under the name Bond007.01.


According to the Guardicore report, the botnet is operated mostly for financial gain and earns its operator thousands of dollars every day.

Bondnet botnet flow (Source: GuardiCore)

Compromised Windows Servers

According to the GuardiCore report, all of the compromised servers run Windows Server, including Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 and Windows Server 2012 R2.

Researchers said that while most victims are used for mining, other victims are used to conduct attacks, serve up malware files or host the C&C servers. The attacker uses the compromised machines to expand the botnet's attacking infrastructure, hiding these machines among legitimate servers.

Compromised Victims Strategy

The basic indicator common to all of these attacks is the use of Visual Basic script files that download and install a cryptocurrency miner and a remote access trojan (RAT).
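Because the article describes a WMI-based trojan and script files dropped on Windows servers, a defender's first check on a suspect host is the WMI permanent event subscription namespace, where WMI-resident malware commonly persists. The PowerShell snippet below is an added example written for this page, not code from the article or from GuardiCore's report; it assumes (an assumption, not a statement from the report) that persistence takes the form of `__EventFilter` / `__EventConsumer` / `__FilterToConsumerBinding` triplets, and the keyword heuristics are the editor's own, not indicators taken from the report.

```powershell
# Added example (not from the original article or GuardiCore's report).
# Enumerates WMI permanent event subscriptions in root\subscription and
# flags consumers whose executable content references scripts, script
# hosts or unusual paths. Run in an elevated PowerShell on the server
# being examined; on a clean host this typically returns nothing or
# only well-known entries (e.g. SCM event log consumer).

$ns = 'root\subscription'

$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

# Heuristic patterns (assumption: chosen by the editor for illustration,
# not indicators from the report). Extend them for your environment.
$suspicious = 'vbs|vbscript|wscript|cscript|powershell|-enc|http|\\Temp\\|\\AppData\\'

foreach ($b in $bindings) {
    # Filter and Consumer are references whose key property is Name.
    $filterName   = $b.Filter.Name
    $consumerName = $b.Consumer.Name

    $f = $filters   | Where-Object { $_.Name -eq $filterName }
    $c = $consumers | Where-Object { $_.Name -eq $consumerName }

    # Collect whatever executable content the consumer carries; properties
    # that a given consumer subclass lacks simply evaluate to $null.
    $payload = (@($c.CommandLineTemplate, $c.ScriptText, $c.ScriptFileName) -join ' ').Trim()
    $flag = if ($payload -match $suspicious) { 'SUSPICIOUS' } else { 'review' }

    [PSCustomObject]@{
        Flag         = $flag
        Filter       = $filterName
        Query        = $f.Query
        ConsumerType = $c.CimClass.CimClassName
        Consumer     = $consumerName
        Payload      = $payload
    }
}
```

Every binding is listed, not only the flagged ones, because a WMI-resident implant can use an innocuous-looking command line; the `Query` column shows what event (timer, process start, logon) triggers the consumer, which is usually the more telling field. Removing a malicious triplet means deleting the binding, the consumer and the filter, in that order, with `Remove-CimInstance`, after the evidence has been preserved.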

The attack vectors GuardiCore uncovered include known phpMyAdmin configuration bugs and exploits against JBoss, Oracle Web Application Testing Suite, ElasticSearch, MSSQL servers, Apache Tomcat, Oracle WebLogic and other common services.
https://www.guardicore.com/wp-content/uploads/2017/12/attack_vectors-1.png

“According to the infection report, 500 new machines are added daily to the attacker’s network and around the same number of machines is delisted; Bondnet victims are distributed across 141 countries on 6 continents.”

Most of the victims are used to mine different cryptocurrencies; others serve up malware files or host the C&C servers.

The attacker uses these compromised machines to expand the botnet's attacking infrastructure, hiding them among legitimate servers.

Balaji is an ex-security researcher (Threat Research Labs) at Comodo Cybersecurity and Editor-in-Chief and co-founder of Cyber Security News and GBHackers On Security.
