IoT devices across the world targeted by major new botnet
Matrix botnet targets IP cameras and other IoT endpoints
- Researchers from Aqua Security discover new Matrix botnet
- The botnet runs IP cameras, DVRs, routers, and similar
- Matrix was built using off-the-shelf and open source tools
Cybersecurity researchers have spotted a new malicious botnet running distributed denial of service (DDoS) attacks against victims worldwide.
Named “Matrix” by experts at Aqua Security, the botnet was created by a lone hacker gathering up different open source and otherwise free-to-use tools to create it from scratch.
The creator scanned the internet for vulnerable Internet of Things (IoT) devices such as IP cameras, DVRs, routers, and telecom equipment - they could either have a known software flaw, or could simply have an easy-to-break password.
Script kiddie
After identifying the vulnerable endpoints, the hacker would deploy Mirai - an infamous, almost decade-old malware that was behind some of the most disruptive DDoS attacks in history. Besides Mirai, the attacker would also deploy PYbot, pynet, DiscordGo, Homo Network, and other malicious tools.
Ultimately, this led to the creation of Matrix, a widespread botnet that was later offered for other crooks as a service. The sale was being facilitated via a Telegram channel called “Kraken Autobuy”, with the attacker being paid in cryptocurrency.
Its victims are scattered all over the world - from China and Japan, to Argentina, Australia, and Brazil. Egypt, India, and the US also found themselves on the list.
However, while the threat actor seems to be of Russian origin, there is a notable absence of Ukrainian targets, as the researchers believe this is because the Matrix’s “Architect” is after money, and not political or ideological agendas.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Aqua has also made an interesting observation, calling the attacker a “script kiddie”. This is a derogatory term in the cybersecurity community, usually describing an inexperienced, or unskilled hacker. The researchers did it because the attacker used off-the-shelf solutions, rather than building custom solutions on their own.
However, they also hinted that script kiddies could become a much bigger threat in the future:
"This campaign, while not highly sophisticated, demonstrates how accessible tools and basic technical knowledge can enable individuals to execute a broad, multi-faceted attack on numerous vulnerabilities and misconfigurations in network-connected devices," they said.
"The simplicity of these methods highlights the importance of addressing fundamental security practices, such as changing default credentials, securing administrative protocols, and applying timely firmware updates, to protect against broad, opportunistic attacks like this one."
You might also like
- Zyxel VPN security flaw targeted by new ransomware attackers
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.