Kazuar: Anatomy of a modular espionage botnet of the Russian intelligence service
- The result is a botnet made up of three separate module types, each taking on clearly defined tasks.

Kazuar malware of the FSB-linked actor Secret Blizzard: architecture, modules and workings of the P2P botnet at a glance.
Kazuar: Anatomy of a nation-state botnet
Kazuar is a sophisticated malware attributed to Russian state actor Secret Blizzard, having evolved from a traditional backdoor into a highly modular peer-to-peer botnet ecosystem. The malware comprises three distinct module types—Kernel, Bridge, and Worker—that distribute functionality across infected systems. A leadership election mechanism ensures only one Kernel module communicates externally, reducing detection opportunities. The architecture supports flexible configuration with over 150 options, multiple C2 channels including HTTP, WebSockets, and Exchange Web Services, and extensive data collection capabilities. Secret Blizzard primarily targets government, diplomatic, and defense organizations in Europe, Central Asia, and Ukraine to support Russian foreign policy and military intelligence objectives. The botnet maintains persistent access through sophisticated IPC mechanisms, staged data exfiltration during working hours, and comprehensive anti-analysis checks.
Pulse ID: 6a062c383bdae760fc221b6f
Pulse Link: https://otx.alienvault.com/pulse/6a062c383bdae760fc221b6f
Pulse Author: AlienVault
Created: 2026-05-14 20:10:32
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #BackDoor #CentralAsia #CyberSecurity #Europe #Government #HTTP #InfoSec #Kazuar #Malware #Military #NATO #OTX #OpenThreatExchange #RAT #Russia #SMS #UK #Ukr #Ukraine #bot #botnet #AlienVault
Kazuar: Anatomy of a nation-state botnet - https://www.redpacketsecurity.com/kazuar-anatomy-of-a-nation-state-botnet/
#threatintel
#kazuar
#secret-blizzard
#botnet
#malware-analysis
#threat-intelligence
🆕 New report from OHIIHO Research
Watcher-NetAI / skn — a Linux SSH botnet observed on two of our honeypot meshes. 10 MB Go scanner with intact DWARF: source tree, module name, capability map, all visible. The loader is hardened; the scanner is not.
→ Stage-2 C2 on connexionlost{net,zip} → 194[.]5[.]97[.]46
→ Non-root systemd-user persistence (hunting blind spot)
→ Ships YARA + 4 Sigma rules + 34 IOCs + KQL queries
Full report (Part 1/2):
https://research.ohiiho.com/reports/2026-05-watcher-netai-skn/
SOC brief (Part 2/2):
https://research.ohiiho.com/reports/2026-05-watcher-netai-skn-brief/
New.
Microsoft: Kazuar: Anatomy of a nation-state botnet https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/ #Microsoft #infosec #botnet #threatintel #threatintelligence #malware

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations. Over time, Kazuar has expanded from a relatively traditional backdoor into a highly modular peer-to-peer (P2P) botnet ecosystem designed to enable persistent, covert access to target environments.
Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers
Pulse ID: 6a02ae32b11ecc72977b2a1b
Pulse Link: https://otx.alienvault.com/pulse/6a02ae32b11ecc72977b2a1b
Pulse Author: Tr1sa111
Created: 2026-05-12 04:36:02
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DDoS #DoS #HoneyPot #InfoSec #OTX #OpenThreatExchange #bot #botnet #Tr1sa111
Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers
Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.
Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault
📰 Mirai Variant 'xlabs_v1' Builds DDoS Botnet by Hijacking IoT Devices with Exposed ADB Ports
🚨 New Mirai-based botnet 'xlabs_v1' hijacks IoT devices & Android TVs via exposed ADB ports (TCP/5555). The botnet is used for DDoS-for-hire services, targeting Minecraft servers. #Mirai #Botnet #DDoS #IoTSecurity