2023: A new year, a new botnet
Posted on 2023-01-13 16:07:46 UTC
Greetings and welcome to 2023! After some slowdowns over the Christmas holidays, things have seemed to pick up again in the past couple days. It appears that a new botnet is making it's rounds. News from ASEC was published on January 4th indicating that South Korean IPs were being attacked by a shell script malware that installs a perl-based C&C botnet, along with a Monero cryptominer. On January 12, we started seeing an uptick on scans for SSH ports coming from South Korea, as well as Taiwan, Japan, and China to name a few. It remains unknown at this time what the long term effects of this botnet will be, or their intentions, but only time will tell. Over 2000 new IPs have been picked up by NUBI in the past 36 hours, but this number could be a lot larger. If you have considered donating in the past, now might be a good time to do so, as the more reporters watching the traffic, the less of a chance the botnet will have to scan your networks before they scan NUBI reporters. Stay safe, have a happy 2023, and thank you for your continued suppport.ASEC Report BleepingComputer News Report