KashmirBlack Botnet Uses DevOps to Stay Agile

silversurfer

Security researchers have lifted the lid on a highly sophisticated global botnet operation performing millions of attacks per day, including cryptocurrency mining, spamming and defacements.

Dubbed “KashmirBlack” by a team at Imperva, hundreds of thousands of compromised machines are controlled by a single command and control (C&C) server.

Active since around November 2019, it spreads by targeting an almost decade-old PHPUnit RCE vulnerability in popular content management system (CMS) software. Imperva warned that the pandemic has arguably created more potential victims for the botnet, given that many businesses have been scrambling to create an online presence via such platforms.

The botnet’s infrastructure is apparently more sophisticated than most, using DevOps techniques to drive agility and ensure new payloads and exploits can be added fairly easily. This agility also means the botnet can rapidly change the repositories such as GitHub where it stores malicious code, as well as its C&C infrastructure, which Imperva claimed recently migrated to Dropbox to hide its tracks. [...]
 
