
Cybersecurity researchers have discovered an emerging IoT botnet threat that leverages compromised smart devices to stage distributed denial-of-service (DDoS) attacks, potentially triggered on demand through platforms offering DDoS-for-hire services.

The botnet, named “dark_nexus” by Bitdefender researchers, works by employing credential stuffing attacks against a variety of devices, such as routers (from Dasan Zhone, D-Link, and ASUS), video recorders, and thermal cameras, to co-opt them into the botnet.

So far, dark_nexus comprises at least 1,372 bots acting as a reverse proxy, spread across various locations in China, South Korea, Thailand, Brazil, and Russia.

“While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust,” the researchers said. “For example, payloads are compiled for 12 different CPU architectures and dynamically delivered based on the victim’s configuration.”

Evidence gathered by Bitdefender points to greek.Helios, a known botnet author infamous for selling DDoS services on social media platforms and using a YouTube channel to advertise its capabilities, as the individual behind the development of dark_nexus.
