Enemybot: a new Mirai, Gafgyt hybrid botnet joins the scene

A new botnet is targeting routers, Internet of Things (IoT) devices, and an array of server architectures.

On April 12, cybersecurity researchers from FortiGuard Labs said the new distributed denial-of-service (DDoS) botnet, dubbed Enemybot, borrows modules from the infamous Mirai botnet’s source code, alongside Gafgyt’s.

The Mirai botnet was responsible for a massive DDoS attack against Dyn in 2016. Mirai’s source code was leaked online in the same year, and even now, botnets utilizing parts of the malicious network continue to be weapons of choice for threat actors.

Gafgyt/Bashlite code is also public, and according to FortiGuard, the new Enemybot employs elements of both botnets in its attacks, joining the likes of Okiru, Satori, and Masuta.

Keksec is thought to be the botnet’s operator. Keksec, also known as Necro or Freakout, is a prolific threat group connected to DDoS assaults, cyberattacks against cloud service providers, and cryptojacking campaigns.

According to Lacework, the threat group is also the developer of a Tsunami DDoS malware variant called “Ryuk,” although this is not to be confused with the Ryuk ransomware family.

Enemybot was first discovered in March 2022. The botnet uses Mirai’s scanner module and bot killer, which checks for running processes in memory

Read More: https://www.zdnet.com/article/enemybot-a-new-mirai-gafgyt-hybrid-botnet-joins-the-scene/#ftag=RSSbaffb68