BTC $63442.8276
ETH $3469.7477
BNB $414.4838
SOL $128.8578
XRP $0.6333
ADA $0.7553
DOGE $0.1556
AVAX $42.2817
DOT $9.6926
wstETH $4022.3454
TRX $0.1396
LINK $20.2249
WETH $3455.5461
MATIC $1.0912
UNI $12.3248
WBTC $63402.0644
BCH $454.1971
LTC $89.7149
IMX $3.2697
ICP $13.1197
FIL $10.0810
CAKE $3.2889
ETC $33.3804
LEO $4.7626
ATOM $12.4298
RNDR $7.5236
TON $2.6714
KAS $0.1683
HBAR $0.1120
INJ $39.9268
DAI $0.9998
OKB $57.5556
VET $0.0485
STX $3.0863
FDUSD $0.9998
WEMIX $2.8006
XLM $0.1364
NEAR $4.5218
PEPE $0.0000
XMR $146.1340
LDO $3.3155
GRT $0.3143
ARB $1.9894
THETA $2.3291
TIA $15.9776
ENS $21.4774
CRO $0.1387
BTC $63442.8276
ETH $3469.7477
BNB $414.4838
SOL $128.8578
XRP $0.6333
ADA $0.7553
DOGE $0.1556
AVAX $42.2817
DOT $9.6926
wstETH $4022.3454
TRX $0.1396
LINK $20.2249
WETH $3455.5461
MATIC $1.0912
UNI $12.3248
WBTC $63402.0644
BCH $454.1971
LTC $89.7149
IMX $3.2697
ICP $13.1197
FIL $10.0810
CAKE $3.2889
ETC $33.3804
LEO $4.7626
ATOM $12.4298
RNDR $7.5236
TON $2.6714
KAS $0.1683
HBAR $0.1120
INJ $39.9268
DAI $0.9998
OKB $57.5556
VET $0.0485
STX $3.0863
FDUSD $0.9998
WEMIX $2.8006
XLM $0.1364
NEAR $4.5218
PEPE $0.0000
XMR $146.1340
LDO $3.3155
GRT $0.3143
ARB $1.9894
THETA $2.3291
TIA $15.9776
ENS $21.4774
CRO $0.1387
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • New HinataBot botnet uses vulnerabilities in network equipment to carry out DDoS attacks

    In a recent report from Akamai, experts revealed a new Golang-based botnet called HinataBot. The botnet uses known vulnerabilities to compromise routers and servers in order to organize massive DDoS attacks.

    Among the methods used to distribute malware are the exploitation of open Hadoop YARN servers, as well as vulnerabilities in Realtek SDK (CVE-2014-8361) and Huawei HG532 routers (CVE-2017-17215).

    Old unpatched vulnerabilities and weak credential protection have become easy prey for attackers. After all, they found a documented entry point that does not require complex social engineering tactics and the like.

    The attackers behind HinataBot are said to have been active since at least December 2022. But first they used the Mirai malware in their attacks, and only then, starting on January 11, 2023, they switched to malware of their own design.

    Since the first discovery of HinataBot, Akamai experts have also found several more variations of the malware, but fresher. In them, experts found more modular functionality and additional security measures. All this indicates that HinataBot is still in the active development stage.

    HinataBot, like other similar DDoS botnets, is capable of contacting a C2 server to receive instructions and initiate attacks on targeted IP addresses within a given time.

    While early versions of the botnet used protocols such as HTTP, UDP, TCP, and ICMP to carry out DDoS attacks, the latest iteration is limited to HTTP and UDP only. Why exactly the other two protocols ceased to be involved is unknown. Maybe the authors of the malware are just experimenting.

    Akamai researchers conducted a number of HinataBot tests and, according to their calculations, in a real attack involving 10,000 bots, the maximum UDP flood rate will exceed 3.3 terabits per second (Tbps), which will lead to a powerful volumetric attack. An HTTP flood will generate approximately 27 gigabits per second (Gbps) of traffic.

    “Attackers used the Go language to take advantage of its high performance, ease of multithreading, multi-architecture support, and operating system cross-compilation, but also likely because Go complicates compilation and makes reverse engineering difficult,” Akamai said.
    Author DeepWeb
    Grouping BianLian excluded encryption from the chain of attacks
    Crown Resorts gambling company had their data lost by hackers

    Comments 0

    Add comment