Botnet attacks are becoming increasingly sophisticated and have wreaked havoc on IoT devices. In the most recent incident, however, a botnet is targeting devices on multiple cloud provider platforms.
360Netlab researchers have discovered a new botnet called Abcbot, which is coded in the Go programming language.
The botnet, which is still being developed, was discovered for the first time in July 2021.
A domain generation algorithm (DGA) feature was added to the botnet over time, allowing it to generate new domain names and IP addresses.
It currently has the capability to self-update, set up a web server, launch DDoS attacks, and spread like a worm. Abcbot uses nine different types of DDoS attack tactics.
The botnet uses weak passwords and an N-day vulnerability in WebLogic Server to propagate like a worm.
To breach networks, it scans for weak passwords on SSH, FTP, PostgreSQL, Redis, MSSQL, and MongoDB.
Currently, the botnet is being used against Linux systems.
According to researchers, Abcbot is gradually moving from infancy to maturity. The botnet's creators are experimenting with various technologies to improve its capabilities. Although the botnet has not been updated continuously since its emergence, researchers anticipate there will be much more to see as it nears its final stage.