Go-based Chaos malware is rapidly growing

Quick Read

The Chaos malware includes capabilities previously documented in the original Kaiji Linux botnet.
The experts analyzed roughly 100 samples of the Chaos malware, which was written in Chinese and relies on a China-based C2 infrastructure.
“Given the suitability of the Chaos malware to operate across a range of consumer and enterprise devices, its multipurpose functionality and the stealth profile of the network infrastructure behind it, we assess with moderate confidence this activity is the work of a cybercriminal actor that is cultivating a network of infected devices to leverage for initial access, DDoS attacks and crypto mining.”
The Chaos malware supports more than 70 different commands, including executing propagation through the exploitation of pre-determined CVEs, launching DDoS attacks or starting crypto mining.
“Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through stealing and brute forcing SSH private keys, as well as launch DDoS attacks.”
The experts were able to enumerate the C2s and targets of multiple distinct Chaos clusters, some of which were employed in recent DDoS attacks against the gaming, financial services and technology, and media and entertainment industries.


A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn.

Researchers from Black Lotus Labs at Lumen Technologies recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux. The malicious code was developed to target a broad range of devices, including small office/home office (SOHO) routers and enterprise servers. The Chaos malware includes capabilities previously documented in the original Kaiji Linux botnet.

The experts analyzed roughly 100 samples of the Chaos malware, which was written in Chinese and relies on a China-based C2 infrastructure.

“Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through stealing and brute forcing SSH private keys, as well as launch DDoS attacks,” reads the analysis published by Lumen Technologies.

The experts were able to enumerate the C2s and targets of multiple distinct Chaos clusters, some of which were employed in recent DDoS attacks against the gaming, financial services and technology, and media and entertainment industries. Researchers warn that although the botnet infrastructure is today comparatively smaller than that of some of the leading DDoS malware families, Chaos is growing rapidly.

“Given the suitability of the Chaos malware to operate across a range of consumer and enterprise devices, its multipurpose functionality and the stealth profile of the network infrastructure behind it, we assess with moderate confidence this activity is the work of a cybercriminal actor that is cultivating a network of infected devices to leverage for initial access, DDoS attacks and crypto mining,” continues the report.

The analysis of the infections from mid-June to mid-July 2022 revealed that most of the bots are located in Europe, specifically Italy. Other infections were observed in North and South America and Asia Pacific.

The Chaos malware supports more than 70 different commands, including executing propagation through the exploitation of pre-determined CVEs, launching DDoS attacks or starting crypto mining. Some samples analyzed by the experts were able to exploit CVE-2017-17215 and CVE-2022-30525, which affect Huawei and Zyxel devices respectively.

“While the shift to Go-based malware has been underway for the last few years, there are few strains that demonstrate the breadth of Chaos in terms of the wide array of architectures and operating systems it was designed to infect. Not only does it target enterprise and large organizations but also devices and systems that aren’t routinely monitored as part of an enterprise security model, such as SOHO routers and FreeBSD OS,” concludes the report. “And with a significant evolution from its predecessor, Chaos is achieving rapid growth since the first documented evidence of it in the wild.”

Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini (SecurityAffairs – hacking, Chaos malware)
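The propagation vector the report describes, stealing SSH private keys from infected hosts, is only useful to the bot when the stolen keys are stored without a passphrase or are readable by other local accounts. As an added defender-side example (not code from the report or from Lumen), this Python script audits a directory for SSH private keys and reports, for each one, whether it is passphrase-protected and whether its file mode is too permissive; the sample keys it builds are constructed placeholders with no real key material.

```python
import base64
import stat
import tempfile
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def classify_key(data: bytes):
    """Return {'format', 'encrypted'} for an SSH private key, or None if the file is not one."""
    text = data.decode("utf-8", "replace")
    if "-----BEGIN OPENSSH PRIVATE KEY-----" in text:
        # New-style keys: the cipher name follows the magic string inside the base64
        # payload; a cipher of "none" means the key is stored unencrypted on disk.
        body = "".join(l for l in text.splitlines() if not l.startswith("-----"))
        raw = base64.b64decode(body)
        if not raw.startswith(OPENSSH_MAGIC):
            return {"format": "openssh", "encrypted": None}  # unparseable payload
        off = len(OPENSSH_MAGIC)
        clen = int.from_bytes(raw[off:off + 4], "big")
        cipher = raw[off + 4:off + 4 + clen].decode("ascii", "replace")
        return {"format": "openssh", "encrypted": cipher != "none"}
    if "PRIVATE KEY-----" in text:
        # Legacy PEM keys: "Proc-Type: 4,ENCRYPTED" (RSA/EC) or "BEGIN ENCRYPTED PRIVATE KEY" (PKCS#8).
        return {"format": "pem", "encrypted": "ENCRYPTED" in text}
    return None


def audit_ssh_dir(path):
    """List every private key under `path` with its encryption state and whether its mode is too open."""
    findings = []
    for p in sorted(Path(path).iterdir()):
        if not p.is_file():
            continue
        info = classify_key(p.read_bytes())
        if info is None:
            continue
        mode = stat.S_IMODE(p.stat().st_mode)
        info.update(name=p.name, mode=oct(mode), too_open=bool(mode & 0o077))
        findings.append(info)
    return findings


def build_sample_dir():
    """Constructed sample files (no real key material) so the audit can run offline."""
    def openssh(cipher):
        raw = OPENSSH_MAGIC + len(cipher).to_bytes(4, "big") + cipher + b"\x00" * 16
        return b"-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(raw) + b"\n-----END OPENSSH PRIVATE KEY-----\n"
    d = Path(tempfile.mkdtemp())
    (d / "id_ed25519").write_bytes(openssh(b"none")); (d / "id_ed25519").chmod(0o644)  # exposed
    (d / "id_rsa").write_bytes(openssh(b"aes256-ctr")); (d / "id_rsa").chmod(0o600)
    (d / "legacy.pem").write_bytes(b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nAAAA\n-----END RSA PRIVATE KEY-----\n"); (d / "legacy.pem").chmod(0o600)
    (d / "id_rsa.pub").write_bytes(b"ssh-rsa AAAA user@host\n")  # public key, ignored
    return str(d)


if __name__ == "__main__":
    for finding in audit_ssh_dir(build_sample_dir()):
        print(finding)
```

Run it against a real ~/.ssh (or a collection of home directories on a jump host) to find keys that would be immediately usable if copied off the machine: those with `encrypted: False` or `too_open: True`.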
The Original Article can be found on securityaffairs.co
