
Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks.

“The Diicot name is significant, as it’s also the name of the Romanian organized crime and anti-terrorism policing unit,” Cado Security said in a technical report. “In addition, artifacts from the group’s campaigns contain messaging and imagery related to this organization.”

Bitdefender first documented Diicot (née Mexals) in July 2021, uncovering the actor’s use of a Go-based SSH brute-forcer tool called Diicot Brute to breach Linux hosts as part of a cryptojacking campaign.

Then earlier this April, Akamai disclosed what it described as a “resurgence” of the 2021 activity that’s believed to have started around October 2022, netting the actor about $10,000 in illicit profits.
