FritzFrog botnet returns to attack healthcare, education, government sectors
According to researchers at Akamai Threat Labs, the FritzFrog botnet has reappeared with a new P2P campaign. The botnet is showing growth of almost 10x in just a month. FritzFrog is a peer-to-peer botnet that was discovered in January 2020, managing to strike at least 500 government enterprise SSH servers in just eight months. The botnet is written in the Golang programming language, is decentralized, and attempts to brute force its targeted servers. The botnet has attacked devices such as routers and exposed entry points on the internet. Akamai Threat Labs stated on Thursday that although the botnet had gone quiet after its previous attack wave, it has undergone an exponential growth surge since December.
Researchers have reported that FritzFrog propagates via SSH, using an aggressive brute-force technique against a server's credentials. It then establishes an SSH session with the new victim and drops the malware executable on the host. The malware will then wait for commands. Since the botnet's discovery, 24,000 attacks have been detected to date. Of those attacks, 1,500 hosts have been infected. The majority of the botnet's targets are in China, and the operators target organizations in the healthcare, education, and government sectors.
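The propagation pattern described above (repeated failed SSH password attempts from one source, followed by a successful session) can be spotted in sshd authentication logs. The following is an added example, not code from Akamai or from the article; the log lines are constructed, and the function name and the threshold of five failures are assumptions.

```python
import re
from collections import defaultdict

# Matches OpenSSH sshd password-authentication lines in syslog format.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:11:40 web1 sshd[1188]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jan 10 03:11:52 web1 sshd[1188]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Jan 10 03:12:01 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:02 web1 sshd[1202]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jan 10 03:12:03 web1 sshd[1203]: Failed password for root from 203.0.113.7 port 40118 ssh2
Jan 10 03:12:04 web1 sshd[1204]: Failed password for invalid user ubuntu from 203.0.113.7 port 40121 ssh2
Jan 10 03:12:05 web1 sshd[1205]: Failed password for root from 203.0.113.7 port 40125 ssh2
Jan 10 03:12:09 web1 sshd[1207]: Accepted password for root from 203.0.113.7 port 40130 ssh2
Jan 10 03:13:30 web1 sshd[1215]: Failed password for root from 192.0.2.44 port 33870 ssh2
"""


def bruteforce_then_login(lines, threshold=5):
    """Return (source_ip, user, prior_failures) for every accepted password
    login from a source that already has >= threshold failed attempts."""
    failures = defaultdict(int)  # failed attempts seen so far, per source IP
    hits = []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue  # not a password-auth line
        outcome, user, src = m.groups()
        if outcome == "Failed":
            failures[src] += 1
        elif failures[src] >= threshold:
            # Success right after a burst of failures: likely guessed password.
            hits.append((src, user, failures[src]))
    return hits


if __name__ == "__main__":
    for src, user, n in bruteforce_then_login(SAMPLE_LOG.splitlines()):
        print(f"ALERT {src}: login as {user} after {n} failed attempts")
```

A single mistyped password followed by a login, as in the first two sample lines, stays below the threshold and is not flagged.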