Security
Headlines
HeadlinesLatestCVEs

Headline

Gaming Firms and Community Members Hit by Dark Frost Botnet

By Deeba Ahmed According to researchers, the most prominent targets of Dark Frost include gaming companies, online streaming services, game server hosting providers, and gaming community members. This is a post from HackRead.com Read the original post: Gaming Firms and Community Members Hit by Dark Frost Botnet

HackRead
#web#mac#ddos#nodejs#git#intel#rce#botnet#auth

Researchers believe Dark Frost was created using stolen/leaked source code from Qbot, Gafgyt, and Mirai malware to carry out DDoS attacks.

Web infrastructure company Akamai’s Security Intelligence Response Team has discovered a new botnet targeting the gaming industry with DDoS attacks.

Akamai security researcher Allen West explained that they had dubbed this botnet Dark Frost. Per their analysis, this botnet is similar to several previously discovered botnets and malware strains, including Qbot, Gafgyt, and Mirai. Researchers believe Dark Frost was created using stolen code from these strains to allow attackers to carry out DDoS attacks successfully.

How Was it Discovered?

Akamai flagged the botnet in February 2023, but they believe the attacker has been active since May 2022. When Akamai researchers reverse-engineered the botnet, its potential was reported at 629.28 Gbps via a UDP flood attack. The first binary sample was collected on February 28 in Akamai SIRT’s HTTP Honeypots.

Reportedly, the threat actor targeted misconfigurations in Hadoop YARN servers, which enabled them to conduct remote code execution. This YARN misconfiguration has existed since 2014 but has yet to be assigned a CVE, so attackers can trick the server into downloading/running their malicious binary.

Prominent Targets

According to Akamai’s blog post, the most prominent targets of Dark Frost include gaming companies, online streaming services, game server hosting providers, and gaming community members. In fact, researchers noted that the attacker has directly interacted with these members.

What is the Motive?

Researchers could not determine the exact motive of this campaign, but they suspect it is geared toward attention-seeking. Interestingly, the threat actor has even published live recordings of the attacks.

They have also been boasting about these attacks on social media, too, claiming they used the botnet to settle scores with adversaries and leave digital signatures on binary files. The actor has also created a Discord channel to offer DDoS services in exchange for money, which indicates this campaign could also be financially motivated.

The author of the Dark Frost botnet is bragging about a successful attack on Rogue Company servers. (Image: Akamai)

Rapidly Increasing Army of Bots

Typically, botnets comprise hundreds and thousands of compromised devices located worldwide. In Dark Frost’s case, it has included hundreds of compromised devices within a short period. Until February 2023, this botnet had 414 compromised machines running different instruction set architectures, including x86, ARMv4, ARM7, MIPSEL, and MIPS.

RELATED ARTICLES

  1. Online gaming and protection against cyber attacks
  2. RapperBot malware hits gaming servers with DDoS attacks
  3. Gaming Giant Activision Employees Hit by SMS Phishing Attack
  4. Gaming controllers manufacturer exposed 1.1M customer records
  5. How data collected in gaming can be used to breach user privacy

HackRead: Latest News

Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden