The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network.
Microsoft Threat Intelligence Centre (MSTIC) is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or developing activity clusters.
Zerobot, first documented by Fortinet FortiGuard Labs earlier this month, is a Go-based malware that propagates through vulnerabilities in web applications and IoT devices like firewalls, routers, and cameras.
“The most recent distribution of Zerobot includes additional capabilities, such as exploiting vulnerabilities in Apache and Apache Spark (CVE-2021-42013 and CVE-2022-33891 respectively), and new DDoS attack capabilities,” Microsoft researchers said.
Also called ZeroStresser by its operators, the malware is offered as a DDoS-for-hire service to other criminal actors, with the botnet advertised for sale on various social media networks.
images from Hacker News