Zergeca Botnet Poses DDoS Threat – Spiceworks News and Insights

  • Cybersecurity researchers have discovered a new Golang-based botnet called Zergeca capable of running powerful DDoS attacks.
  • The botnet implements functionalities including scanning, proxying, persistence, self-upgrades, reverse shell, file transfer, and collecting sensitive device information.

Cybersecurity researchers at QiAnXin XLab have discovered a new Golang-based botnet named Zergeca. The botnet is reportedly capable of executing potent distributed denial-of-service (DDoS) attacks. Unlike other botnets, Zergeca supports six unique attack methods, along with functionalities such as scanning, proxying, persistence, self-upgrades, reverse shell, file transfer, and collecting sensitive device information.

Other unique features include prioritizing DNS over HTTPS (DoH) for command and control (C2) resolution, multiple DNS resolution methods, and using an uncommon Smux library for C2 communication. According to the research, the command and control IP address has been linked to Mirai botnets in recent months.


In the past month alone, the Zergeca botnet has launched DDoS attacks on organizations in the United States, Canada, and Germany. ackFlood (atk_4), the primary attack type, targeted victims across multiple countries. The botnet’s functionality is implemented through persistence, proxy, silivaccine, and zombie modules.

The silivaccine and zombie modules remove competing malware and report sensitive device information, respectively. The botnet is also known for using DNS-over-HTTPS (DoH) for Domain Name System (DNS) resolution, which improves its evasion capabilities and complicates mitigation efforts. Vigilance and proactive defensive measures are recommended to mitigate the impact of sophisticated botnets.
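Because DoH hides lookups from the internal resolver, one compensating check is to correlate egress flows with resolver logs. The following is an added example, not taken from the article or the XLab research: the DoH hostnames are well-known public resolvers rather than indicators from the Zergeca report, and the log format, addresses and allowlist are constructed assumptions.

```python
from collections import defaultdict

# Well-known public DoH hostnames as seen in TLS SNI (extend for your environment).
DOH_SNI = {"dns.google", "cloudflare-dns.com", "dns.quad9.net"}
# Hypothetical allowlist: hosts permitted to use DoH (e.g. managed browsers).
APPROVED_DOH_CLIENTS = {"10.0.0.20"}

# Constructed egress flow log: ts src dst dport sni ("-" = no SNI seen).
FLOW_LOG = """\
1000 10.0.0.20 192.0.2.53 443 dns.google
1010 10.0.0.20 203.0.113.10 443 portal.example
1020 10.0.5.17 192.0.2.54 443 cloudflare-dns.com
1025 10.0.5.17 198.51.100.7 8443 -
1030 10.0.5.18 203.0.113.10 443 portal.example
"""
# Constructed log from the monitored internal resolver: ts src qname answer.
DNS_LOG = """\
1005 10.0.0.20 portal.example 203.0.113.10
1028 10.0.5.18 portal.example 203.0.113.10
"""

def parse(text, fields):
    """Split whitespace-delimited log lines into dicts keyed by field name."""
    return [dict(zip(fields, ln.split())) for ln in text.splitlines() if ln.strip()]

def find_doh_suspects(flow_text, dns_text):
    """Return {src: {"doh_endpoints", "unresolved_dsts"}} for unapproved DoH users."""
    flows = parse(flow_text, ("ts", "src", "dst", "dport", "sni"))
    resolved = defaultdict(set)  # src -> IPs handed out by the monitored resolver
    for rec in parse(dns_text, ("ts", "src", "qname", "answer")):
        resolved[rec["src"]].add(rec["answer"])
    findings = {}
    for f in sorted(flows, key=lambda f: int(f["ts"])):
        src = f["src"]
        if f["dport"] == "443" and f["sni"] in DOH_SNI:
            if src not in APPROVED_DOH_CLIENTS:
                entry = findings.setdefault(
                    src, {"doh_endpoints": set(), "unresolved_dsts": set()})
                entry["doh_endpoints"].add(f["sni"])
        elif src in findings and f["dst"] not in resolved[src]:
            # After DoH use, a destination the internal resolver never returned
            # was likely resolved out of band: worth triage.
            findings[src]["unresolved_dsts"].add(f["dst"])
    return findings

if __name__ == "__main__":
    for host, info in find_doh_suspects(FLOW_LOG, DNS_LOG).items():
        print(host, sorted(info["doh_endpoints"]), sorted(info["unresolved_dsts"]))
```

SNI matching only catches resolvers on the list, so blocking or proxying unapproved DoH endpoints at the egress boundary remains the stronger control.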


This post was originally published on the 3rd party site mentioned in the title of this site
