New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt
Apr 14, 2022
A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month. "This botnet is mainly derived from Gafgyt's source code but has been observed to borrow several modules from Mirai's original source code," Fortinet FortiGuard Labs said in a report this week. The botnet has been attributed to an actor named Keksec (aka Kek Security, Necro, and FreakOut), which has been linked to multiple botnets such as Simps, Ryuk (not to be confused with the ransomware of the same name), and Samael, and has a history of targeting cloud infrastructure to carry out crypto mining and DDoS operations. Primarily targeting routers from Seowon Intech, D-Link, and iRZ to propagate its infections and grow in volume, an analysis of the malware specimen has highlighted Enemybot's obfuscation attemp