Tag Archive for: Hijacks

Vast botnet hijacks smart TVs for prime-time cybercrime • The Register

/in


Updated Security researchers have pinned a DDoS botnet that’s infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi.

At least 170,000 bots were running daily at the campaign’s height after infecting Android-based TVs and other streaming hardware via pirated apps and firmware updates.

A common infection scenario would see a user visit a dodgy streaming site while browsing on their smartphone, only to then be pushed into downloading the associated malicious app to their Android-based smart TV.

A user would then have their device backdoored and its resources made available for use in various cybercrimes, including DDoS attacks and hijacking other streams, replacing other channels’ content with an attacker’s.

Such a case happened in the United Arab Emirates back in December 2023, for example, where regular broadcasts were hijacked with imagery from inside the conflict between Israel and Palestine.

“The potential for Bigpanzi-controlled TVs and STBs to broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability,” said researchers at Chinese security biz Qianxin.

The researchers didn’t detail the history of the botnet’s DDoS activity or blame it for any high-profile attacks, but to get a feel for what it’s capable of, its DDoS commands are inherited from the infamous Mirai.

Qianxin’s investigation revealed the malware, called pandoraspear, added 11 different Mirai-related DDoS attack vectors to its list of commands after the first few versions had comparably weaker tools in this area.

As we all know, Mirai was responsible for some of the most high-profile DDoS attacks from yesteryear, including those on Dyn, GitHub, Reddit, and Airbnb – all falling on that one October 2016 day that broke the internet (not in the viral sensation kind). It’s also a malware that just keeps cropping up and is under active development to this day.

In trying to trace the identity of those behind pandoraspear, Qianxin’s researchers eventually narrowed their search down to a single company but…

Source…

‘Pandoraspear’ botnet hijacks smart TVs and boxes

/in


Cybercrime syndicate Bigpanzi stands accused of orchestrating a massive Distributed Denial of Service (DDoS) botnet named ‘Pandoraspear’.

Pandoraspear has reportedly infected potentially millions of smart TVs and set-top boxes, with at least 170,000 bots actively running during the campaign’s peak.

The infection mechanism primarily targets Android-based smart TVs and streaming hardware, exploiting users who visit dubious streaming sites on their smartphones. Upon accessing such sites, users unwittingly download malicious apps to their Android-based smart TVs—allowing cybercriminals to backdoor the devices and use their resources for various cybercrimes.

One alarming case in December 2023 involved the hijacking of regular broadcasts in the United Arab Emirates, where imagery from the conflict between Israel and Palestine replaced the original content. Security researchers from Chinese firm Qianxin have expressed concerns about the potential for these compromised devices to broadcast violent, terroristic, or pornographic content, posing a significant threat to social order.

The botnet, named ‘Pandoraspear,’ has inherited DDoS attack vectors from the infamous Mirai malware. Qianxin’s investigation revealed that the malware added 11 different Mirai-related DDoS attack vectors to its command list, showcasing the evolving nature of cybercrime tactics.

Bigpanzi – active since at least 2015 – has concentrated its efforts primarily in Brazil, particularly in São Paulo. The scale of the botnet became apparent when researchers seized control of two of the nine domains used for the botnet’s command and control infrastructure. However, the criminals responded by launching DDoS attacks to force the domains offline.

Despite the researchers’ efforts, much remains unknown about Bigpanzi, and tracing their activities is an ongoing challenge. The cybercrime syndicate appears to have shifted its DDoS operations to another botnet—indicating a strategic shift towards more lucrative cybercrimes, such as using it as a content delivery network.

As cybersecurity experts continue their investigation into Bigpanzi,…

Source…

FBI hijacks Russian hackers’ computer infrastructure

/in


(MENAFN– UkrinForm) The U.S. Federal Bureau of Investigation has made a pre-emptive move to hinder a Russian operation for creating another botnet.

That’s according to the Center for Countering Disinformation at the National Security and Defense Council of Ukraine, Ukrinform reports.

The U.S. Federal Bureau of Investigation has wrested control of thousands of routers and firewall appliances from Russian military hackers by hijacking the same infrastructure Moscow’s spies were using to communicate with the devices, according to Reuters .

Read also: Another cyberattack ongoing on Ukraine government networks

The unusual operation was a pre-emptive move to stop Russian hackers from mobilizing the compromised devices into a“botnet” – a network of hacked computers that can bombard other servers with rogue traffic.

Meanwhile, the BanderaHackers group attacked five state-owned Belarusian procurement and export platforms, gaining access to confidential information and defacing their websites with anti-war appeals.

Anonymous earlier hacked the all-Russian state television and radio broadcaster, which operates Rossiya 1 TV, and attacked the server of a Lipetsk-based producer of components for anti-aircraft missile systems.

As Ukrinform reported, in early April, the Anonymous said it had published personal data of 120,000 Russian military servicemen deployed in Ukraine.

MENAFN10042022000193011044ID1103987513


Legal Disclaimer: MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.

Source…

FBI hijacks Russian hackers’ computer infrastructure

/in


The U.S. Federal Bureau of Investigation has made a pre-emptive move to hinder a Russian operation for creating another botnet.

That’s according to the Center for Countering Disinformation at the National Security and Defense Council of Ukraine, Ukrinform reports.

The U.S. Federal Bureau of Investigation has wrested control of thousands of routers and firewall appliances from Russian military hackers by hijacking the same infrastructure Moscow’s spies were using to communicate with the devices, according to Reuters.

Read also: Another cyberattack ongoing on Ukraine government networks

The unusual operation was a pre-emptive move to stop Russian hackers from mobilizing the compromised devices into a “botnet” – a network of hacked computers that can bombard other servers with rogue traffic.

Meanwhile, the BanderaHackers group attacked five state-owned Belarusian procurement and export platforms, gaining access to confidential information and defacing their websites with anti-war appeals.

Anonymous earlier hacked the all-Russian state television and radio broadcaster, which operates Rossiya 1 TV, and attacked the server of a Lipetsk-based producer of components for anti-aircraft missile systems.

As Ukrinform reported, in early April, the Anonymous said it had published personal data of 120,000 Russian military servicemen deployed in Ukraine.

Source...