GorillaBot is a new and aggressive botnet family that emerged in September 2024, becoming highly active and issuing over 300,000 Distributed Denial of Service (DDoS) attack commands in a short span of time. This botnet is a modified version of the Mirai source code and supports multiple CPU architectures such as ARM, MIPS, x86_64, and x86.
Key Characteristics:
- Global Impact: Targeted over 100 countries, with China and the U.S. being the hardest hit, affecting universities, government websites, telecoms, banks, and gaming sectors.
- Attack Methods: Uses various DDoS techniques, including UDP Flooding (41%), ACK BYPASS Flood (24%), and VSE Flood (12%). Because UDP is connectionless, the botnet can spoof source IP addresses, generating a high volume of traffic from a limited number of bots.
- Counter-Detection Awareness: Uses techniques to maintain control over compromised IoT devices and cloud hosts and encrypts critical data to hinder analysis; these traits are likely influenced by the KekSec group.
- Command and Control (C&C): Embeds five C&C server addresses; on infection, a bot randomly selects one, connects to it, and awaits commands.
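The spoofed-source UDP flooding described above leaves a measurable footprint in flow data: a destination receives a very high packet rate where almost every packet carries a different source address. The following detection heuristic is an added example (not code from the original report or from the botnet); the flow record format, thresholds, and all IP addresses are constructed for illustration.

```python
"""Heuristic detector for spoofed-source UDP flooding over per-flow records."""
from collections import defaultdict
from dataclasses import dataclass
from math import floor


@dataclass(frozen=True)
class Flow:
    ts: float     # seconds since capture start
    src: str      # source IP as seen on the wire (may be spoofed)
    dst: str      # destination IP
    proto: str    # "UDP" or "TCP"
    packets: int  # packets in this flow record


def udp_flood_suspects(flows, window=10.0, min_pps=5000, min_src_ratio=0.8):
    """Return {dst: (pps, distinct_sources, src_ratio)} for destinations that,
    in some fixed window, receive at least min_pps UDP packets per second with
    a unique-source-to-packet ratio of at least min_src_ratio.  Thousands of
    sources that each send one packet is the signature of spoofed flooding from
    a small bot population; a surge of real clients shows far fewer sources."""
    buckets = defaultdict(lambda: [0, set()])  # (dst, bucket) -> [pkts, srcs]
    for f in flows:
        if f.proto != "UDP":
            continue
        key = (f.dst, floor(f.ts / window))
        buckets[key][0] += f.packets
        buckets[key][1].add(f.src)
    suspects = {}
    for (dst, _), (pkts, srcs) in buckets.items():
        pps = pkts / window
        ratio = len(srcs) / pkts
        if pps >= min_pps and ratio >= min_src_ratio:
            if dst not in suspects or pps > suspects[dst][0]:  # keep peak window
                suspects[dst] = (pps, len(srcs), round(ratio, 3))
    return suspects


def constructed_sample():
    """Constructed traffic, not a real capture: 60,000 single-packet UDP flows
    from 60,000 distinct (spoofed) sources hit 203.0.113.10 within 10 s, while
    a busy but legitimate server at 203.0.113.20 serves 200 real clients that
    each send 300 packets over the same 10 s (same packet rate, few sources)."""
    flows = [Flow(i * 10 / 60000, f"10.{i >> 16 & 255}.{i >> 8 & 255}.{i & 255}",
                  "203.0.113.10", "UDP", 1) for i in range(60000)]
    for c in range(200):
        flows += [Flow(j * 10 / 300, f"192.0.2.{c}", "203.0.113.20", "UDP", 1)
                  for j in range(300)]
    return flows
```

Running `udp_flood_suspects(constructed_sample())` flags only 203.0.113.10: both destinations see 6,000 packets per second, but the legitimate server's 200 sources give a ratio near zero, so rate alone would have produced a false positive.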
GorillaBot’s ability to continuously evolve and hide its tracks makes it a significant emerging threat in the cybercrime landscape, particularly for critical infrastructure.