Over 300,000 DDoS Attack Commands Issued by GorillaBot in One Month
Cybersecurity researchers have identified a new botnet malware family called Gorilla (aka GorillaBot), which is based on the leaked Mirai botnet source code. Discovered by NSFOCUS in September 2024, the botnet has launched over 300,000 attack commands between September 4 and September 27, 2024.
DDoS Attack Command Surge
On average, the botnet issues 20,000 daily commands for distributed denial-of-service (DDoS) attacks, with more than 100 countries being targeted, including China, the U.S., Canada, and Germany. The attacks have hit universities, government websites, telecoms, banks, and gaming platforms.
Sophisticated DDoS Tactics
Gorilla employs advanced DDoS techniques like UDP flood, ACK BYPASS flood, Valve Source Engine (VSE) flood, and SYN flood. The botnet’s use of the UDP protocol allows for IP spoofing to generate massive amounts of traffic.
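To make the four flood types concrete from the defender's side, here is an added example (not code from the original article or from NSFOCUS) in Python that classifies packets into the categories named above and raises an alert when a destination receives too many of one kind inside a time window. A VSE flood is recognised by the public Source Engine A2S_INFO query prefix, a SYN flood by bare SYN segments, and an ACK-bypass flood by ACK segments for which no handshake was ever seen. The packet trace is constructed inline; the `Packet` class, field names and the threshold of 100 packets per second are assumptions for the demonstration, not values from the report.

```python
from collections import defaultdict
from dataclasses import dataclass

# A2S_INFO request header used by Valve Source Engine game servers; a VSE flood
# replays this query so the server burns CPU answering spoofed sources.
VSE_QUERY = b"\xff\xff\xff\xffTSource Engine Query\x00"


@dataclass
class Packet:                 # hypothetical record shape for this example
    ts: float
    src: str
    dst: str
    dport: int
    proto: str                # "tcp" or "udp"
    flags: str = ""           # TCP flags as letters, e.g. "S", "A", "SA"
    payload: bytes = b""


def classify(pkt, seen_syn):
    """Map a packet to a flood category, or None for ordinary traffic.

    seen_syn holds (src, dst, dport) triples for which a SYN was observed, so an
    ACK arriving with no prior handshake attempt is treated as an ACK-bypass
    candidate instead of a segment of an established connection.
    """
    if pkt.proto == "udp":
        return "vse_flood" if pkt.payload.startswith(VSE_QUERY) else "udp_flood"
    if pkt.proto == "tcp":
        key = (pkt.src, pkt.dst, pkt.dport)
        if "S" in pkt.flags:
            seen_syn.add(key)
            return "syn_flood" if pkt.flags == "S" else None
        if pkt.flags == "A" and key not in seen_syn:
            return "ack_bypass_flood"
    return None


def detect_floods(packets, window=1.0, threshold=100):
    """Count packets per (destination, port, category) in fixed time windows and
    alert on every window that holds at least `threshold` packets.
    Packets must be sorted by timestamp so handshake state is tracked in order."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    seen_syn = set()
    for pkt in packets:
        kind = classify(pkt, seen_syn)
        if kind is None:
            continue
        key = (pkt.dst, pkt.dport, kind, int(pkt.ts // window))
        counts[key] += 1
        sources[key].add(pkt.src)
    alerts = []
    for (dst, dport, kind, bucket), n in sorted(counts.items()):
        if n >= threshold:
            alerts.append({
                "dst": dst, "dport": dport, "kind": kind,
                "window_start": bucket * window, "packets": n,
                # many distinct sources in one second is the IP-spoofing signature
                "unique_sources": len(sources[(dst, dport, kind, bucket)]),
            })
    return alerts


def sample_packets():
    """Constructed trace (not real capture data): a VSE query flood against a
    game server, a SYN flood against a web server, and some benign traffic."""
    pkts = []
    for i in range(150):      # 150 spoofed sources, one A2S_INFO query each
        pkts.append(Packet(10.0 + i * 0.003, f"198.51.100.{i % 254 + 1}",
                           "203.0.113.10", 27015, "udp", payload=VSE_QUERY))
    for i in range(120):      # 120 bare SYNs to port 80 from rotating sources
        pkts.append(Packet(10.0 + i * 0.004, f"192.0.2.{i % 254 + 1}",
                           "203.0.113.20", 80, "tcp", flags="S"))
    # benign client: one SYN, then ACK segments on the established connection
    pkts.append(Packet(10.1, "10.0.0.5", "203.0.113.20", 80, "tcp", flags="S"))
    for i in range(20):
        pkts.append(Packet(10.2 + i * 0.01, "10.0.0.5", "203.0.113.20", 80, "tcp", flags="A"))
    for i in range(20):       # benign: a handful of DNS-looking UDP packets
        pkts.append(Packet(10.0 + i * 0.02, "10.0.0.6", "203.0.113.53", 53, "udp",
                           payload=b"\x12\x34\x01\x00"))
    return sorted(pkts, key=lambda p: p.ts)


if __name__ == "__main__":
    for alert in detect_floods(sample_packets()):
        print(alert)
```

Running the block prints two alerts, one `vse_flood` against 203.0.113.10:27015 with 150 distinct sources and one `syn_flood` against 203.0.113.20:80; the benign DNS and established-connection ACK traffic stays below the threshold. In production the same counting would run over NetFlow/sFlow or a packet capture, and the spoofing indicator (unique sources per window) is usually the field that separates a flood from a legitimate traffic spike.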
Exploiting Apache Hadoop YARN Flaw
The malware can also exploit a vulnerability in Apache Hadoop YARN RPC to achieve remote code execution. The flaw has been abused since 2021, according to reports from Alibaba Cloud and Trend Micro.
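The article names the YARN RPC flaw only in general terms, so as an added defensive example (not code from the article, NSFOCUS, or the Hadoop project) here is a Python check that reads a cluster's `core-site.xml` and `yarn-site.xml` and reports whether the three settings that gate unauthenticated access to YARN are still at their insecure defaults. The property names and default values are real Hadoop configuration keys; the configuration documents are constructed for this example, and the assumption behind the check is that a YARN ResourceManager reachable without Kerberos authentication is the exposure worth finding first.

```python
import xml.etree.ElementTree as ET

# Hadoop's own defaults when a property is absent from the configuration files.
DEFAULTS = {
    "hadoop.security.authentication": "simple",   # core-site.xml: client asserts its own user name
    "hadoop.security.authorization": "false",     # core-site.xml: service-level ACLs not enforced
    "yarn.acl.enable": "false",                   # yarn-site.xml: queue/application ACLs off
}


def load_properties(xml_text):
    """Parse Hadoop's <configuration><property><name/><value/></property> format
    into a dict. Unknown or malformed properties are skipped rather than guessed."""
    root = ET.fromstring(xml_text)
    props = {}
    for prop in root.findall("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def hadoop_auth_findings(core_site_xml, yarn_site_xml):
    """Return a list of plain-language findings; an empty list means the three
    authentication/authorization gates are all enabled."""
    props = {**DEFAULTS, **load_properties(core_site_xml), **load_properties(yarn_site_xml)}
    findings = []
    if props["hadoop.security.authentication"].lower() != "kerberos":
        findings.append("hadoop.security.authentication is not kerberos: "
                        "caller identity is client-asserted, not verified")
    if props["hadoop.security.authorization"].lower() != "true":
        findings.append("hadoop.security.authorization is not true: "
                        "service-level ACLs are not enforced on RPC calls")
    if props["yarn.acl.enable"].lower() != "true":
        findings.append("yarn.acl.enable is not true: YARN queue and application ACLs are off")
    return findings


# Constructed configuration files for the demonstration (not from any real cluster).
INSECURE_CORE_SITE = """<configuration>
  <property><name>fs.defaultFS</name><value>hdfs://nn.example.invalid:8020</value></property>
</configuration>"""
INSECURE_YARN_SITE = """<configuration>
  <property><name>yarn.resourcemanager.hostname</name><value>rm.example.invalid</value></property>
</configuration>"""

HARDENED_CORE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
</configuration>"""
HARDENED_YARN_SITE = """<configuration>
  <property><name>yarn.acl.enable</name><value>true</value></property>
  <property><name>yarn.admin.acl</name><value>hadoopadmins</value></property>
</configuration>"""


if __name__ == "__main__":
    for label, core, yarn in (("insecure", INSECURE_CORE_SITE, INSECURE_YARN_SITE),
                              ("hardened", HARDENED_CORE_SITE, HARDENED_YARN_SITE)):
        print(label, hadoop_auth_findings(core, yarn) or ["no findings"])
```

The insecure pair, which never mentions the three keys at all, yields three findings because Hadoop silently falls back to `simple` authentication and disabled ACLs; the hardened pair yields none. Pair this configuration check with network exposure review: a ResourceManager that is only reachable from inside the cluster network is a much smaller target than one listening on a public address.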
Persistence and Counter-Detection Techniques
Gorilla maintains persistence by creating service files on infected hosts and launching malicious scripts at startup. The botnet also employs encryption algorithms commonly used by the Keksec group to hide its activities, demonstrating sophisticated counter-detection techniques.
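Service-file persistence of the kind described here leaves a footprint on disk, so as an added example (not code from the article or from NSFOCUS) here is a Python scanner that parses systemd unit files and flags the traits a hunting playbook would look for: an `Exec*` line that runs from a world-writable or user directory, hidden path components, a downloader invoked at service start, and `Restart=always` combined with boot-time installation. The two unit files are constructed for the demonstration; the file names, the path under `/tmp` and the finding texts are assumptions, not indicators from the report. The same token checks apply unchanged to lines from `/etc/rc.local` or crontab entries.

```python
import shlex

# Directories a packaged service almost never executes from (assumed baseline).
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")
DOWNLOADERS = ("curl", "wget", "tftp", "ftpget")


def parse_unit(text):
    """Minimal systemd unit parser: section -> list of (key, value).
    Duplicate keys (legal in unit files) are kept rather than overwritten."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections


def scan_unit(name, text):
    """Return a list of (unit name, finding) tuples for one unit file."""
    findings = []
    unit = parse_unit(text)
    service = unit.get("Service", [])
    install = dict(unit.get("Install", []))
    for key, value in service:
        if not key.startswith("Exec"):
            continue
        cmdline = value.lstrip("-@+!:")        # systemd's executable prefix characters
        try:
            tokens = shlex.split(cmdline)      # quoted "sh -c" bodies stay one token
        except ValueError:
            tokens = cmdline.split()
        for tok in tokens:
            if tok.startswith(SUSPICIOUS_DIRS):
                findings.append((name, f"{key} runs from a writable/user path: {tok}"))
            if any(part.startswith(".") for part in tok.split("/")[1:]):
                findings.append((name, f"{key} references a hidden path component: {tok}"))
            if tok in DOWNLOADERS:
                findings.append((name, f"{key} invokes a downloader ({tok}) at service start"))
    if findings and dict(service).get("Restart") == "always" and "WantedBy" in install:
        findings.append((name, "Restart=always unit installed at boot with a suspicious command"))
    return findings


def scan_units(units):
    """units: mapping of unit file name -> file content. Returns name -> findings."""
    return {name: scan_unit(name, text) for name, text in units.items()}


# Constructed unit files for the demonstration (not real samples).
CONSTRUCTED_UNITS = {
    "sshd.service": """[Unit]
Description=OpenBSD Secure Shell server
After=network.target

[Service]
ExecStartPre=/usr/sbin/sshd -t
ExecStart=/usr/sbin/sshd -D
Restart=on-failure

[Install]
WantedBy=multi-user.target
""",
    "sysupdate.service": """[Unit]
Description=system update helper
After=network.target

[Service]
Type=simple
ExecStart=/bin/sh -c "/tmp/.cache/.updater -d"
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
""",
}


if __name__ == "__main__":
    for unit_name, found in scan_units(CONSTRUCTED_UNITS).items():
        for _, finding in found or [(unit_name, "clean")]:
            print(f"{unit_name}: {finding}")
```

Against a live host the loop would read `/etc/systemd/system/*.service` and `/usr/lib/systemd/system/*.service` (and `~/.config/systemd/user/` for per-user units); the benign `sshd.service` produces nothing, while the constructed `sysupdate.service` is flagged three times because its command sits under `/tmp`, uses hidden path components and is set to restart forever from boot.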
Source: thehackernews.com