ShiftDelete.net
BİZİ TAKİP EDİN

Diicot’s leap: From cryptojacking to DDoS via Cayosin

The Romanian threat actor Diicot expands its repertoire, incorporating a diverse range of attacks, including DDoS attacks via the Cayosin.

Diicot’s leap: From cryptojacking to DDoS via Cayosin

In a realm where cybersecurity is paramount, threat actors continually up their game. Among them, the Romanian entity known as Diicot recently introduced new threats, displaying a shift in its strategies to include distributed denial-of-service (DDoS) attacks.

Diicot’s dark evolution

Named after the Romanian organized crime and anti-terrorism policing unit, Diicot, formerly known as Mexals, has been active since its identification by Bitdefender in July 2021. Initially employing a Go-based SSH brute-forcer tool named Diicot Brute, it targeted Linux hosts, conducting cryptojacking campaigns.

In October 2022, Akamai noted an escalation in Diicot’s activity, revealing the group’s profit of approximately $10,000 from its exploits. Their tactics had become more sophisticated, with the deployment of a Monero cryptominer after several payloads, enhanced payload obfuscation, and a new LAN spreader module.

A dive into Diicot’s expanding tactics

The latest findings from Cado Security indicate a shift in strategy, with the threat actor now employing a botnet known as Cayosin, sharing traits with notorious malware families such as Qbot and Mirai. This change indicates the group’s capability to execute DDoS attacks. Other operations include doxxing rival hacking groups and using Discord for command-and-control and data exfiltration.

Diicot targets routers operating on the Linux-based embedded system, OpenWrt. Their willingness to apply a range of attack methods, beyond mere cryptojacking, depends on the nature of their targets.

Diicot’s primary mode of attack has been the custom SSH brute-forcing utility, which allows them to gain access and drop additional malware, including the Mirai variant and crypto miners.

Recommendations for mitigating Diicot’s threats

The best defense against such attacks includes implementing SSH hardening strategies and limiting SSH access via firewall rules. Cado Security emphasizes the importance of securing SSH servers exposed to the internet with password authentication, given the limited and easily guessed credentials used by Diicot.

The escalation in Diicot’s operations underlines the ever-evolving nature of cyber threats. As they expand their techniques, so too should the vigilance and preparation of those at risk. We’d love to hear your thoughts on this developing story. Please share your opinions and experiences in the comments section below.

crptojacking
DDoS
Diicot

SDN Yorumları 0 Yorum

Yorum Yap

İlgili Haberler

arc raiders
The first gameplay video from the highly anticipated Arc Raiders is here!
terraria
It’s not getting old! 13-year-old game beats all AAA games
galaxy s25
The Galaxy S25 series could be introduced much earlier than expected!
Days before the launch, an image of the Redmi K80 Pro has emerged!
Days before the launch, an image of the Redmi K80 Pro has emerged!

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net, İnternet Medyası ve Bilişim Muhabirleri Derneği üyesidir.

Desteklio