ShiftDelete.net
FOLLOW US

Diicot’s leap: From cryptojacking to DDoS via Cayosin

The Romanian threat actor Diicot expands its repertoire, incorporating a diverse range of attacks, including DDoS attacks via the Cayosin.

Diicot’s leap: From cryptojacking to DDoS via Cayosin

In a realm where cybersecurity is paramount, threat actors continually up their game. Among them, the Romanian entity known as Diicot recently introduced new threats, displaying a shift in its strategies to include distributed denial-of-service (DDoS) attacks.

Diicot’s dark evolution

Named after the Romanian organized crime and anti-terrorism policing unit, Diicot, formerly known as Mexals, has been active since its identification by Bitdefender in July 2021. Initially employing a Go-based SSH brute-forcer tool named Diicot Brute, it targeted Linux hosts, conducting cryptojacking campaigns.

In October 2022, Akamai noted an escalation in Diicot’s activity, revealing the group’s profit of approximately $10,000 from its exploits. Their tactics had become more sophisticated, with the deployment of a Monero cryptominer after several payloads, enhanced payload obfuscation, and a new LAN spreader module.

A dive into Diicot’s expanding tactics

The latest findings from Cado Security indicate a shift in strategy, with the threat actor now employing a botnet known as Cayosin, sharing traits with notorious malware families such as Qbot and Mirai. This change indicates the group’s capability to execute DDoS attacks. Other operations include doxxing rival hacking groups and using Discord for command-and-control and data exfiltration.

Diicot targets routers operating on the Linux-based embedded system, OpenWrt. Their willingness to apply a range of attack methods, beyond mere cryptojacking, depends on the nature of their targets.

Diicot’s primary mode of attack has been the custom SSH brute-forcing utility, which allows them to gain access and drop additional malware, including the Mirai variant and crypto miners.

Recommendations for mitigating Diicot’s threats

The best defense against such attacks includes implementing SSH hardening strategies and limiting SSH access via firewall rules. Cado Security emphasizes the importance of securing SSH servers exposed to the internet with password authentication, given the limited and easily guessed credentials used by Diicot.

The escalation in Diicot’s operations underlines the ever-evolving nature of cyber threats. As they expand their techniques, so too should the vigilance and preparation of those at risk. We’d love to hear your thoughts on this developing story. Please share your opinions and experiences in the comments section below.

crptojacking
DDoS
Diicot

SDN Comments 0 Comments

Comment

HOW TOAll

Related News

Indonesia expects Apple to invest more than 100 million dollars!
Indonesia expects Apple to invest more than 100 million dollars!
Steam Ends Support for Older Windows and macOS Versions
Valve Pulls the Plug!
universe
Our universe may not be the most suitable universe for life!
siri apple
Will the most advanced version of Siri be reserved for iOS 19?

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Desteklio