ZeroBot

In November 2022, FortiGuard analysts observed a unique botnet written in the Go language being distributed through IoT vulnerabilities. This botnet, known as Zerobot, contains several modules, including self-replication, attacks for different protocols, and self-propagation. It also communicates with its command-and-control server using the WebSocket protocol. Based on the trigger counts of some IPS signatures (shown in Figure 1), this campaign began distributing the current version sometime after mid-November.

Affected platforms: Linux
Impacted parties: Any organization
Impact: Remote attackers gain control of the vulnerable systems
Severity level: Critical

This report details how this malware leverages vulnerabilities and examines its behavior once inside an infected device.

Download PDF to Read More about infection techniques and indicators: IR-22-341-001_ZeroBot.pdf

 

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com      

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.wapacklabs.com/
  • LinkedIn: https://www.linkedin.com/company/64265941


REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989  

[1] https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities/

 
