Threat Actors Using Go-based HinataBot to launch DDoS Attacks

By Deeba Ahmed

HinataBot can launch Distributed Denial of Service (DDoS) attacks reaching 3.3 TBPS.

This is a post from HackRead.com.


The botnet is based on the Mirai botnet, and since it is actively updated, the new versions have additional features like functional improvements and anti-analysis.

Akamai’s Security Intelligence Response Team (SIRT) cybersecurity researchers have discovered a brand-new botnet, dubbed HinataBot. This botnet can launch DDoS attacks of up to several terabytes in volume. Its distribution started earlier in 2023 and is still ongoing.

New Botnet can Launch DDoS Attacks of 3.3 TBPS

According to Akamai’s research report, HinataBot can launch Distributed Denial of Service (DDoS) attacks reaching 3.3 TBPS. It is a Go-based botnet named after a character from the famous anime series, Naruto. During the research, Akamai’s honeypots detected the botnet as it tried to exploit old vulnerabilities, including CVE-2017-17215 and CVE-2014-8361.

The flaws impact Realtek SDK, Hadoop Yarn servers, and Huawei routers. To exploit these flaws, attackers use brute force, RCE payloads, and infection scripts. HinataBot evidence was found in Akamai’s SSH and HTTP honeypots, but researchers believe malware authors are actively updating it.

What Makes Hinata Different?

The researchers imitated the attackers’ C2 server with a range of reverse engineering techniques and simulated attacks to get a deeper understanding of the malware’s functionality and its unique attributes. They learned that previously, DDoS flooding attacks were launched over multiple protocols.

However, the recently discovered HinataBot uses only HTTP and UDP flooding techniques. Attackers exploit the miniigd SOAP service on Realtek SDK with CVE-2014-8361, exposed Hadoop YARN servers with an unspecified flaw, and Huawei HG532 routers with CVE-2017-17215.
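A triage check for SOAP bodies recorded by an HTTP honeypot, added here as an example (not code from Akamai or HackRead): it flags any request whose NewInternalClient value is not a plain IPv4 address, since that is the field CVE-2014-8361 abuses. The envelope layout is assumed from the UPnP AddPortMapping action, and all sample bodies are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

FIELD = "NewInternalClient"  # SOAP argument named in the CVE-2014-8361 description

# Assumed envelope shape (UPnP AddPortMapping); not taken from a real capture.
ENVELOPE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewInternalClient>{value}</NewInternalClient>"
    "</u:AddPortMapping></s:Body></s:Envelope>"
)

# Constructed request bodies for illustration only.
SAMPLES = {
    "benign": ENVELOPE.format(value="192.168.1.20"),
    "extra-text": ENVELOPE.format(value="192.168.1.20 CONSTRUCTED-EXTRA-TEXT"),
    "truncated": "<Envelope><NewInternalClient>10.0.0.5",
    "unrelated": "<Envelope><Body><GetStatus/></Body></Envelope>",
}

def classify(body: str) -> str:
    """Return 'ok', 'suspicious' or 'no-field' for one recorded SOAP body."""
    try:
        # For hostile XML in production, a hardened parser such as
        # defusedxml is the usual choice; this runs on stored copies.
        root = ET.fromstring(body)
    except ET.ParseError:
        # Broken XML that still names the field deserves an analyst's look.
        return "suspicious" if FIELD in body else "no-field"
    # Strip any "{namespace}" prefix so the match works with or without one.
    values = [el.text or "" for el in root.iter()
              if el.tag.rsplit("}", 1)[-1] == FIELD]
    if not values:
        return "no-field"
    for value in values:
        try:
            ipaddress.IPv4Address(value.strip())
        except ValueError:
            return "suspicious"  # anything beyond a dotted quad is unexpected
    return "ok"

def triage(samples: dict) -> dict:
    """Classify every named sample body."""
    return {name: classify(body) for name, body in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:12} {verdict}")
```
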

Attack Volume

Akamai noted that the packet size in HinataBot’s DDoS attacks ranged from 484 to 589 bytes for HTTP, whereas UDP packets were considerably larger at 65,549 bytes. This may seem low, but it could cause sufficient damage for the targets.

Akamai, however, noted that the malware could generate over 20,000 requests and reach 3.4 MB, whereas with a thousand nodes, the attack data volume may reach 3.3 TBPS.

Threat Actors Distributing Mirai Binaries

A further probe revealed that the threat actors operating HinataBot distributed Mirai binaries. There are several nods to the open-source, Go-based botnet.

“HinataBot is the newest in the ever-growing list of emerging Go-based threats that includes botnets such as GoBruteForcer and the recently discovered (by SIRT) kmsdbot,” Akamai researchers noted.

The malware is based on the Mirai botnet, and since it is actively updated, the new versions have additional features like functional improvements and anti-analysis. Its previous versions supported UDP, HTTP, TCP, and ICMP floods, but the new version only supports UDP and HTTP.


Related news

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE)," Akamai researchers Kyle

Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability

Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that's bundled along with the software. The complete list of impacted

New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks

A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as 'Hinata--,'" Akamai said in a

New DDoS Malware ‘Chaos’ Hits Linux and Windows Devices

By Deeba Ahmed Most devices infected by Chaos malware are located in Europe, particularly Italy but infections were also observed in Asia Pacific, South America, and North America. This is a post from HackRead.com Read the original post: New DDoS Malware ‘Chaos’ Hits Linux and Windows Devices

Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules

The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys.

Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems

A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through

CVE-2014-8361: D-Link Technical Support

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.