Matrix botnet uncovered using IoT devices for DDoS attacks

The Matrix botnet, run by a threat actor linked to a widespread DDoS campaign, has been uncovered by security researchers. The botnet exploits vulnerabilities and misconfigurations in Internet of Things (IoT) devices. The operation functions as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, which makes it an alarming discovery.

The targets span cloud service providers and smaller enterprises. Analysis identified up to 35 million potentially exposed devices; if roughly 1% to 5% of those are actually vulnerable, that implies a botnet of 350,000 to 1.7 million devices, depending on the true vulnerability rate.

The attacks launched using the Matrix botnet have primarily targeted IP addresses in IoT-heavy regions such as China and Japan, and to a lesser extent Argentina, Australia, Brazil, Egypt, India, and the U.S. The attack chains exploit known security flaws and weak credentials to gain access to a broad spectrum of internet-connected devices such as IP cameras, DVRs, routers, and telecom equipment.

The threat actor has also been observed leveraging misconfigured Telnet, SSH, and Hadoop servers, with a particular focus on targeting IP address ranges associated with cloud service providers like AWS, Microsoft Azure, and Google Cloud.
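The weak-credential access pattern described above leaves a recognisable trace on the victim side: a burst of failed logins from one source, aimed at factory-default usernames, followed by a successful login. As an added example (not FastNetMon's code and not anything from the reported research), the script below runs that detection logic over constructed OpenSSH auth log lines. The log lines, the thresholds and the short default-username list are assumptions for illustration; Telnet daemons on IoT devices log in vendor-specific formats, so only the SSH case is parsed here.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in OpenSSH syslog format (not real captures).
# One source hammers default IoT accounts and then gets in; another is a
# normal user who mistypes a password once and then logs in with a key.
SAMPLE_AUTH_LOG = """\
Nov 26 10:00:01 cam01 sshd[2101]: Failed password for root from 198.51.100.7 port 50211 ssh2
Nov 26 10:00:02 cam01 sshd[2102]: Failed password for invalid user admin from 198.51.100.7 port 50212 ssh2
Nov 26 10:00:03 cam01 sshd[2103]: Failed password for invalid user support from 198.51.100.7 port 50213 ssh2
Nov 26 10:00:04 cam01 sshd[2104]: Failed password for invalid user user from 198.51.100.7 port 50214 ssh2
Nov 26 10:00:05 cam01 sshd[2105]: Failed password for root from 198.51.100.7 port 50215 ssh2
Nov 26 10:00:06 cam01 sshd[2106]: Accepted password for root from 198.51.100.7 port 50216 ssh2
Nov 26 10:05:00 cam01 sshd[2200]: Failed password for alice from 203.0.113.9 port 40000 ssh2
Nov 26 10:05:30 cam01 sshd[2201]: Accepted publickey for alice from 203.0.113.9 port 40001 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." as well as "Accepted ...".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

# Usernames commonly shipped as factory defaults on IoT gear. Assumption: a
# short illustrative list, not the wordlist of any real botnet.
DEFAULT_IOT_USERS = {"root", "admin", "user", "support", "guest"}


def parse_line(line, year=2024):
    """Parse one sshd auth line into a dict, or return None if it does not match.
    syslog timestamps carry no year, so the caller supplies one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def find_credential_attacks(log_text, max_failures=5, window_seconds=60):
    """Return one finding per source IP whose failed logins reach max_failures
    inside any window_seconds window. Each finding records which default IoT
    usernames were tried and whether a successful login followed the burst."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]

        # Sliding window over the sorted failures: largest count inside the window.
        burst, j = 0, 0
        for i in range(len(failures)):
            while (failures[i]["ts"] - failures[j]["ts"]).total_seconds() > window_seconds:
                j += 1
            burst = max(burst, i - j + 1)
        if burst < max_failures:
            continue

        last_failure = failures[-1]["ts"]
        findings.append({
            "ip": ip,
            "burst": burst,
            "default_users": sorted({e["user"] for e in failures if e["user"] in DEFAULT_IOT_USERS}),
            # A success from the same source after the burst suggests a weak
            # credential was found, not just guessed at.
            "success_after_burst": any(
                e["result"] == "Accepted" and e["ts"] >= last_failure for e in evs
            ),
        })
    return sorted(findings, key=lambda f: f["burst"], reverse=True)


if __name__ == "__main__":
    for f in find_credential_attacks(SAMPLE_AUTH_LOG):
        print(f)
```

Run as-is, the script reports 198.51.100.7 with a burst of five failures against the default accounts admin, root, support and user, followed by a successful password login, while 203.0.113.9 stays below the threshold. The threshold and window are deliberately parameters: a single camera behind a NAT sees far fewer attempts than a cloud host, and the page notes that cloud provider ranges are scanned heavily.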

The malicious activity relies on a wide array of publicly available scripts and tools hosted on GitHub, deploying the Mirai botnet malware and other DDoS-related programs on compromised devices and servers.

Matrix utilizes a mix of Python, Shell and Golang-based scripts sourced from GitHub and other platforms. Tools like Mirai variants, SSH scanners, and Discord bots highlight the integration of pre-existing frameworks into customised campaigns. The threat actor also monetises services via Telegram, offering DDoS plans for cryptocurrency payments.

While Matrix appears to lack advanced capabilities, the ease of assembling and operating these tools exemplifies the growing risk posed by low-sophistication actors armed with accessible resources.


About FastNetMon

FastNetMon delivers versatile DDoS detection software for companies at any scale. With extensive experience in the telecom, mobile, and cloud computing industries, we take pride in preventing DDoS attacks and protecting our customers’ networks to the highest standard. 

Find out more: https://fastnetmon.com/

24/7 Tech Support

support@fastnetmon.com

Email Us

sales@fastnetmon.com