Tuesday, May 6, 2025
HomeBotnetNew DemonBot Attack Hadoop Clusters to Performing DDoS Attacks using Powerful Cloud...

New DemonBot Attack Hadoop Clusters to Performing DDoS Attacks using Powerful Cloud infrastructure servers

Published on

SIEM as a Service

Follow Us on Google News

New Botnet called DemonBot targeting Hadoop Clusters in order to perform DDOS attack using powerful cloud infrastructure.

Hadoop is an open source distributed processing framework that manages storage and data processing for big data applications running in clustered systems.

Unlike Mirai based Botnet, DemonBot botnet spreading via centralized server and its rapidly exploiting the various servers around the world.

- Advertisement - Google News

Researcher from Radware is tracking over 70 active exploit servers with an aggregated rate of over 1 Million exploits per day.

Its a kind of unsophisticated Botnet and it was uncovered by monitorng the malicious agent that leveraging a Hadoop YARN unauthenticated remote command execution in order to infect Hadoop clusters.

There is another similar attack discovered before that leveraging the same Hadoop Yarn bug in a Sora botnet variant.

Compare to IoT devices, Hadoop Clusters is much more capable of handling the heavy DDOS Attack and UDP and TCP floods are supported attack vector for DemonBot Attack.

Also Read: You can Take DDoS Protection Bootcamp – Free Training Course to Improve Your DDoS Protection Skills.

Hadoop YARN Exploits

Cluster resource management provide YARN(Yet Another Resource Negotiator) prerequisite for Enterprise Hadoop and provides cluster resource management allowing multiple data processing engines to handle data stored in a single platform.

In this case YARN exposed REST API which allows remote applications to submit new applications to the cluster.

DemonBot repeatedly attempt since september and reached almost 1 million attempts per day for most of October and the attempt that made by unqiue IP count reaching upto 70 servers.

According to radware,The DemonBot Command and Control service is a self-contained C program that is supposed to run on a central command and control server and it provides two services:
  • A bot command and control listener service – allowing bots to register and listen for new commands form the C2
  • A remote access CLI allowing botnet admins and potential ‘customers’ to control the activity of the botnet

Finally DemonBot running infected severs connect to the C2 server to listen the new commands. here C2 Server hardcoded with post and IP address.

After the successful connection DemonBot sends information about the infected device to the C2 server.

An organization should always ensure and focus on maximum Protection level for enterprise networks and you can try a free trial to Stop DDoS Attack in 10 Seconds. Also, Check Your Company’s DDOS Attack Downtime Cost.

IOC

8805830c7d28707123f96cf458c1aa41  wget
1bd637c0444328563c995d6497e2d5be  tftp
a89f377fcb66b88166987ae1ab82ca61  sshd
8b0b5a6ee30def363712e32b0878a7cb  sh
86741291adc03a7d6ff3413617db73f5  pftp
3e6d58bd8f10a6320185743d6d010c4f  openssh
fc4a4608009cc24a757824ff56fd8b91  ntpd
d80d081c40be94937a164c791b660b1f  ftp
b878de32a9142c19f1fface9a8d588fb  cron
46a255e78d6bd3e97456b98aa4ea0228  bash
53f6451a939f9f744ab689168cc1e21a  apache2
41edaeb0b52c5c7c835c4196d5fd7123  [cpu]

Also Read:

Stop DDoS Attacks In 10 Seconds – Organization’s Most Important Consideration for DDOS Attack Mitigation

DDoS Attack Prevention Method on Your Enterprise’s Systems – A Detailed Report

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

20.5 Million DDoS Barrage Shattered Records Leading Attack Fired Off 4.8 Billion Packets

Cloudflare's latest DDoS Threat Report for the first quarter of 2025 reveals that the...

New Rust-Based Botnet Hijacks Routers to Inject Remote Commands

A new malware named "RustoBot" has been discovered exploiting vulnerabilities in various router models...