CyberNews Briefs

A botnet has been cannibalizing other hackers’ web shells for more than a year

Security researchers at Positive Technologies are tracking a major botnet campaign that attacks web shells used by threat actors as part of other malware campaigns. The hackers behind the botnet previously operated a Windows Trojan called Neutrino that was used to attack desktop users. Their new campaign started in 2018 and targets web servers.

Like other botnets, Neutrino uses a variety of techniques to attack web servers. Compromised systems are infected with cryptocurrency-mining malware, which is common as well. However, the campaign differs from other botnet operations in that it also scans the web for PHP and Java web shells that have been installed on web servers by other threat actors. It then attacks these backdoors and tries to take over the shells and thereby the web servers on which they have been installed.

Read more: A botnet has been cannibalizing other hackers’ web shells for more than a year

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.