In November 2022, FortiGuard analysts observed a unique botnet written in the Go language being distributed through IoT vulnerabilities. This botnet, known as Zerobot, contains several modules, including self-replication, attacks for different protocols, and self-propagation. It also communicates with its command-and-control server using the WebSocket protocol. Based on the trigger counts of some IPS signatures (shown in Figure 1), this campaign started its distribution of the current version someti
zerobot (2)
Activity Summary - Week Ending on 9 December 2022:
- Red Sky Alliance identified 23,269 connections from new IPs checking in with our Sinkholes
- Microsoft in Tokyo hit 32x
- Analysts identified 875 new IP addresses participating in various Botnets
- Cryptonite Source Code
- No Way to Recover
- ZeroBot – Top 5 Malware (IR-22-341-001)
- School District Out of Options
- Paris Hospital Hit
- Agrius and Diamonds
- VTB Bank hit with DDoS
Link to full report: IR-22-343-001_weekly343.pdf