IoT devices around the world are being targeted by a massive new botnet
- Researchers from Aqua Security discover new Matrix botnet
- The botnet runs on compromised IP cameras, DVRs, routers and similar devices
- Matrix is built with off-the-shelf and open source tools
Cybersecurity researchers have discovered a new malicious botnet that carries out distributed denial of service (DDoS) attacks on victims around the world.
Named “Matrix” by experts from Aqua Security, the botnet was created by a lone hacker who collected several open source and otherwise free-to-use tools and assembled it from scratch.
The maker scanned the internet for vulnerable Internet of Things (IoT) devices such as IP cameras, DVRs, routers and telecom equipment. These devices may have a known software bug, or simply an easy-to-crack password.
Script Kiddie
After identifying the vulnerable endpoints, the hacker would deploy Mirai: an infamous, nearly decade-old malware that was behind some of the most disruptive DDoS attacks in history. In addition to Mirai, the attacker would also use PYbot, pynet, DiscordGo, Homo Network and other malicious tools.
Ultimately, this led to the creation of Matrix, a widespread botnet that was later offered as a service to other crooks. The sale was made possible through a Telegram channel called “Kraken Autobuy,” where the attacker was paid in cryptocurrency.
The victims are spread all over the world – from China and Japan to Argentina, Australia and Brazil. Egypt, India and the US were also on the list.
Although the threat actor appears to be of Russian origin, there is a notable absence of Ukrainian targets; researchers believe this is because the “Architect” of Matrix is after money, not political or ideological agendas.
Aqua also made an interesting observation, calling the attacker a ‘script kiddie’. This is a derogatory term in the cybersecurity community, usually describing an inexperienced or unskilled hacker. The researchers did this because the attacker used off-the-shelf solutions, instead of building custom solutions themselves.
However, they also hinted that script kiddies could become a much bigger threat in the future:
“This campaign, while not very sophisticated, shows how accessible tools and basic technical knowledge can enable individuals to launch a broad, multi-faceted attack against numerous vulnerabilities and misconfigurations in network-connected devices,” they said.
“The simplicity of these methods underscores the importance of addressing basic security practices, such as changing default credentials, securing administrative protocols, and applying timely firmware updates, to protect against broad, opportunistic attacks like these.”