Matrix hacker operates a DDoS botnet affecting multiple countries

December 9, 2024

A lone threat actor, Matrix, is the alleged operator of a widespread distributed denial-of-service campaign that exploits vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet.

According to reports, the new operation is a thorough one-stop shop for scanning, exploiting vulnerabilities, spreading malware, and setting up shop kits. The evidence suggests that a single individual launched the campaign and carried out the operation.

The researchers have confirmed that the DDoS activity primarily targets IP addresses in China and Japan. Traces of the attacks have also appeared, to a lesser extent, in countries such as Argentina, Australia, Brazil, Egypt, India, and the United States.

The initial assessment of the attack did not identify Ukraine as one of the targeted countries; hence, some researchers believe that the attack was financially rather than politically motivated.


The new Matrix DDoS botnet campaign uses vulnerabilities and weak credentials to access internet-connected devices.


Investigation shows that the Matrix distributed denial-of-service campaign has leveraged security flaws and default credentials to obtain access to various internet-connected devices, such as routers, IP cameras, DVRs, and telecom equipment.

The threat actor has also used misconfigured Telnet, SSH, and Hadoop servers to launch targeted attacks on IP address ranges associated with various cloud service providers (CSPs), including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.

The malicious activity also uses a variety of publicly available scripts and tools on GitHub. The hacker aims to distribute the Mirai botnet malware and other DDoS-related apps on compromised devices and servers.

Matrix has also been found to use its own GitHub account, created a year ago, to stage some of the DDoS artefacts used in the attack. The entire offering is also thought to be a DDoS-for-hire service sold through a Telegram bot, which lets customers select from various attack levels in exchange for a cryptocurrency payment.

Organisations in the countries mentioned above, especially those in Asia, should be wary of this new campaign. Security providers should not take these DDoS operations lightly even though they are run by a lone individual.
