A Botnet Called “Bondnet” Compromised Thousands of Windows Servers to Perform DDoS and Mine Cryptocurrencies

A botnet called “Bondnet” has compromised more than 15,000 machines, including thousands of Windows servers, and controls all of their activity remotely. Recently discovered statistics indicate that “Bondnet” is suspected of mining different cryptocurrencies.

The Bondnet botnet appears highly sophisticated: every day more than 2,000 compromised machines, equal to 12,000 cores, report to the Bondnet command and control (C&C) server and perform DDoS attacks.

The botnet attacks victim machines using different types of public exploits and installs a Windows Management Interface (WMI) trojan that communicates with a command and control (C&C) server, in an operation under the name Bond007.01.

According to the GuardiCore report, the attack is mostly financially motivated and earns thousands of dollars every day.

Bondnet Botnet Flow (Source: GuardiCore)

Compromised Windows Servers

According to the GuardiCore report, the compromised servers are all Windows servers, including “Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2012 R2”.

Researchers said that, while most victims are used for mining, other victims are used to conduct attacks, serve up malware files or host the C&C servers. The attacker uses the compromised machines to expand the botnet attacking infrastructure, hiding these machines among legitimate servers.

Compromised Victims Strategy

The basic indicator of all these attacks is the use of Visual Basic files to download and install a cryptocurrency miner and a remote access trojan (RAT).

The exploits GuardiCore uncovered include known phpMyAdmin configuration bugs and exploits in JBoss, Oracle Web Application Testing Suite, ElasticSearch, MSSQL servers, Apache Tomcat, Oracle Weblogic and other common services.

“According to the infection report, 500 new machines are added daily to the attacker’s network and around the same number of machines is delisted and Bondnet victims are distributed across 141 countries in 6 continents.”

Most of the victims are used to mine different cryptocurrencies, while others serve up malware files or host the C&C servers.

The attacker uses the compromised machines to expand the botnet's attack infrastructure, hiding these machines among legitimate servers.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Comments

  • Clever name for a botnet!

    Guardicore did a good summary of the threat posed by zombie botnet armies – and this is why it’s important people take precautions (from DDoS mitigation, WAFs, and basic security readiness) to try to keep botnets away. How did people download the exploit?
