We strongly recommend against providing services to entities whose AS or IP networks are listed in Spamhaus (ASN-)DROP - learn more here https://www.spamhaus.org/blocklists/do-not-route-or-peer/
Massive botnet that appeared overnight is delivering record-size DDoSes - A newly discovered network botnet comprising an estimated 30,000 webcams a... - https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/ #distributeddenialofserviceattacks #internetofthings #uncategorized #ddosattacks #security #botnets #biz&it
13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks https://thehackernews.com/2025/01/13000-mikrotik-routers-hijacked-by.html
Thousands of hacked TP-Link routers used in years-long account takeover attacks - Hackers working on behalf of the Chinese government are using a botnet of ... - https://arstechnica.com/information-technology/2024/11/microsoft-warns-of-8000-strong-botnet-used-in-password-spraying-attacks/ #passwordspraying #microsoft #security #botnets #tp-link #biz&it
Cyber threats are increasingly using #cloud services for C2 operations.
The @FortiGuardLabs team has been monitoring #botnets abusing cloud services to enhance their malicious capabilities and distribute #malware payloads. Learn more https://ftnt.net/61108glrhu
Operation Endgame - Largest Ever Operation Against Botnets Hits Dropper Malware Ecosystem
Date: May 30, 2024
CVE: Not specified
Vulnerability Type: Malware
CWE: [[CWE-94]], [[CWE-502]]
Sources: Europol News, Eurojust News
Issue Summary
Europol, in coordination with law enforcement agencies from multiple countries, conducted the largest ever operation targeting botnets. This operation, dubbed "Operation Endgame," took place from May 27 to 29, 2024, and led to the disruption of major malware droppers including IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee. The effort resulted in four arrests and the takedown of over 100 servers worldwide. These droppers were used to facilitate ransomware and other cyber-attacks by installing additional malware onto target systems. The operation was supported by Eurojust and involved contributions from countries including France, Germany, the Netherlands, Denmark, the UK, the US, and others. Private partners also played a role in the operation, which aimed to dismantle the infrastructure supporting these malicious activities. The success of this operation marks a significant step in combating cybercrime on a global scale.
Operation Endgame, coordinated by Europol, dismantled several major botnets including IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee. This international effort involved law enforcement agencies from multiple countries and led to the arrest of four individuals and the takedown of over 100 servers. The botnets targeted facilitated ransomware and other cyber-attacks.
Technical Key Findings
The malware droppers involved are designed to infiltrate systems and install additional malware, often avoiding detection through sophisticated evasion techniques. These droppers were used to deploy ransomware and other malicious payloads by bypassing security measures and enabling further system compromises.
Vulnerable Products
The operation did not specify particular products but targeted the infrastructures supporting droppers like IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee.
Impact Assessment
Left operational, dropper infrastructure of this kind could lead to widespread ransomware attacks, financial losses, and significant disruption of services. The infrastructure taken down had facilitated numerous cyber-attacks globally, highlighting the severe impact on cybersecurity.
Patches or Workaround
The report did not mention specific patches or workarounds. However, continuous monitoring and updating of security measures are recommended to protect against such threats.
US sanctions operators of “free VPN” that routed crime traffic through user PCs - The US Treasury Department has ... - https://arstechnica.com/?p=2027288 #residentialproxyservices #treasurydepartment #security #botnets #biz&it
Thousands of phones and routers swept into proxy service, unbeknownst to users - Crooks are working overtime to ... - https://arstechnica.com/?p=2012682 #anonymousproxy #security #android #botnets #routers #biz #phones
Attack wrangles thousands of web users into a password-cracking botnet - Attackers have transformed hund... - https://arstechnica.com/?p=2008817 #passwordcracking #passwords #security #websites #botnets #biz&it
About 3 million smart #toothbrushes have been infected by #hackers & enslaved into #botnets
The toothbrushes were used in a #DDoS attack on a Swiss company’s website. The firm’s site collapsed under the strain of the attack, reportedly resulting in the loss of millions of Euros of business.
In this particular case, the toothbrush botnet was thought to have been vulnerable due to its Java-based OS.
Linux devices are under attack by a never-before-seen worm - For the past year, previously u... - https://arstechnica.com/?p=1994946 #internetofthings #security #botnets #biz #botnet #mirai
And we’re on Mastodon!
If you’re new to The Spamhaus Project, check out our bio above
Ultimately, we’re here to build a community. A community of like-minded individuals, who want to make the internet a safer place. On Mastodon, we’ll be sharing the latest threat intelligence from our researchers and threat hunters, and we’d like to invite you to do the same…
Earlier this month, we launched our Threat Intel Community, giving anyone the ability to submit malicious domains, IPs, email source codes, or URLs to Spamhaus through our user-friendly portal.
If you’re curious to know more, read this blog:
https://www.spamhaus.org/news/article/821/want-to-submit-data-be-our-guest
Or visit the Threat Intel Community here:
https://submit.spamhaus.org
If you use a cheap, no-name branded Android TV box, it’s likely compromised from the factory and using your internet connection and network for all sorts of nefarious things.
RT @EC3Europol: The #GenesisMarket takedown was a #lawenforcement priority given the platform’s ability to facilitate all types of #cybercrime
1.5M bot listings
2M identities
Learn more about this unprecedented operation led by @FBI @Politie and click to discover how #botnets work: https://n.respublicae.eu/Europol/status/1643589780456783874
Y'all remember #KmsdBot @larry has been working on? The cryptomining botnet that landed on one of our honeypots earlier this year?
Part three is live now, this time discussing attack traffic. The highlights:
we believe it's DDoS for hire
victims are mostly in Asia, North America, and Europe
there's an interesting lack of activity in Russia and surrounding territories possibly pointing to the origins
two notable targets for FiveM and RedM (gaming mods for GTA V and RDR2), which can tell us a lot about who its customers are.
https://www.akamai.com/blog/security-research/kmsdbot-part-three-examining-attack-traffic
Microsoft discovers Windows/Linux botnet used in DDoS attacks - Microsoft resea... - https://arstechnica.com/?p=1904898 #distributeddenialofserviceattacks #botnets #biz #ddos
A try at my #introduction in English...
First a few keywords: #gendarmerie (one of France's national #LawEnforcement) #forensics #malware #botnets #science.
Organizer - together with a great team of volunteers of #Botconf https://www.botconf.eu (The International Botnet & Malware Ecosystems Fighting Conference) @botconf since 2013 & #coriin (conference on incident response and digital investigations).
To know me better, you can find more info in my profile and of course by chatting with me
OK, this seems fun, so here's my #introduction
I'm a computer nerd from Germany, and finished my master's degree this year. I wrote my thesis about the monitoring of #p2p #botnets, the detection thereof using #graphtheory and how to prevent detection using a #collaborated #crawling approach. Besides that I did some #SoftwareEngineering professionally and for fun.
I am generally interested in #malware, mostly oldschool parasitic viruses.
Sometimes I play #CTF.
Currently I'm looking to get into #InfoSec professionally or academically.
Other stuff I enjoy includes #rust, #linux, #OpenSource, #selfhosting, #NixOS, #FunctionalProgramming and #AnalogPhotography.
Botnet that hid for 18 months boasted some of the coolest tradecraft ever - It’s not the kind of security discovery that happens ... - https://arstechnica.com/?p=1851778 #advancedpersistentthreat #espionage #botnets #biz&it #apt