
EnemyBot is expanding rapidly. According to security researchers at AT&T Alien Labs, the botnet targets more and more platforms.

EnemyBot is rapidly expanding its ecosystem. The botnet was discovered in April and targets vulnerabilities in web servers, content management systems, IoT devices and Android-based devices. Its binaries are now compiled for about a dozen processor architectures.

The botnet is used mainly for DDoS attacks and for scanning for new targets. Because some of the newly targeted devices are relatively powerful, security researchers believe the operators intend to use the botnet for cryptomining as well.

According to AT&T Alien Labs, the botnet was created by Keksec, a well-known group behind malware families such as Tsunami, Gafgyt, DarkHTTP, DarkIRC and Necro. An associate of Keksec recently published EnemyBot's source code, which lets other actors build their own variants and helps the botnet spread further.

EnemyBot exploits

The latest variants of EnemyBot carry 24 different exploits. Notable among them are the critical CVE-2022-22954 (server-side template injection in VMware Workspace ONE Access and VMware Identity Manager), CVE-2022-22947 (code injection in Spring Cloud Gateway) and CVE-2022-1388 (authentication bypass in the F5 BIG-IP iControl REST interface). The bot also supports an RSHELL command that opens a reverse shell from the infected host back to the operators, giving them an interactive session even where inbound firewall rules would block a direct connection.

Researchers note that organisations can prevent infection by promptly applying the vendor patches for the CVEs listed above.
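Patching is the fix, but a defender also wants to know whether the botnet has already been knocking. The following script is an added example written for this article, not code from AT&T Alien Labs or from EnemyBot itself. It hunts through web-server access logs for request patterns matching the three CVEs named above. The request signatures (the `deviceUdid` parameter on `/catalog-portal/ui/oauth/verify` for CVE-2022-22954, writes to `/actuator/gateway/routes/` for CVE-2022-22947, and `/mgmt/tm/util/bash` for CVE-2022-1388) are taken from the public advisories for those vulnerabilities and are assumptions of this example, not details reported in the article; the log lines are constructed sample data.

```python
"""Hunt access logs for exploitation attempts against the three CVEs
named in the article (example code, not from the original source)."""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in combined log format; not real traffic.
# The first carries a harmless SSTI probe (${7*7}) in deviceUdid, which is
# how scanners typically test for CVE-2022-22954 before sending a payload.
SAMPLE_LOGS = [
    '10.0.0.5 - - [20/May/2022:10:01:02 +0000] "GET /catalog-portal/ui/oauth/verify'
    '?error=&deviceUdid=%24%7B7*7%7D HTTP/1.1" 200 512',
    '10.0.0.6 - - [20/May/2022:10:01:05 +0000] "POST /actuator/gateway/routes/hacktest HTTP/1.1" 201 0',
    '10.0.0.7 - - [20/May/2022:10:01:09 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 200 233',
    # Benign: a legitimate-looking device id, same endpoint as the first line.
    '10.0.0.8 - - [20/May/2022:10:02:00 +0000] "GET /catalog-portal/ui/oauth/verify'
    '?error=&deviceUdid=abc-123 HTTP/1.1" 200 512',
    '10.0.0.9 - - [20/May/2022:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

# Source address, timestamp, method, request target and status from a
# combined-format line. Anything that does not match is skipped.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_request(method: str, target: str) -> Optional[str]:
    """Return the CVE id whose exploitation pattern the request matches, else None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    query = parse_qs(parts.query, keep_blank_values=True)  # values are URL-decoded here

    # CVE-2022-22954: the vulnerable endpoint renders deviceUdid as a template,
    # so a template expression (${...}) in that parameter is the tell.
    if path.startswith('/catalog-portal/ui/oauth/verify'):
        if any('${' in value for value in query.get('deviceUdid', [])):
            return 'CVE-2022-22954'

    # CVE-2022-22947: exploitation adds a route through the gateway actuator.
    # Any write to this endpoint from outside an admin network deserves triage.
    if method == 'POST' and path.startswith('/actuator/gateway/routes/'):
        return 'CVE-2022-22947'

    # CVE-2022-1388: the bypass lands on iControl REST's bash utility.
    # The decisive artifact (Connection: X-F5-Auth-Token) is a request header
    # that access logs do not record, so treat this as a triage signal only.
    if method == 'POST' and path == '/mgmt/tm/util/bash':
        return 'CVE-2022-1388'

    return None


def scan_logs(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (source_ip, cve_id, request_target) for every matching line."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        cve = classify_request(match['method'], match['target'])
        if cve:
            hits.append((match['src'], cve, match['target']))
    return hits


if __name__ == '__main__':
    for src, cve, target in scan_logs(SAMPLE_LOGS):
        print(f'{src}\t{cve}\t{target}')
```

On the sample data the script flags the first three lines and leaves the two benign ones alone. Point it at a real access log by replacing `SAMPLE_LOGS` with the file's lines; for the F5 case, confirm a hit against a full request capture (the `Connection` header) before treating it as exploitation rather than routine administration.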
