Russian Hackers Unleash Massive IoT Botnet Attack Targeting Global Cloud Giants

Russian Cybercrime Group “Matrix” Launches Major IoT-Based DDoS Campaign

A significant distributed denial-of-service (DDoS) campaign has emerged, orchestrated by the Russian threat actor “Matrix,” targeting vulnerable Internet of Things (IoT) devices worldwide.

The campaign primarily focuses on China and Japan, with secondary operations in Argentina, Australia, Brazil, Egypt, India, and the United States. Major cloud service providers, including AWS, Azure, and Google Cloud, are among the primary targets of these financially motivated attacks.

Matrix’s attack strategy involves exploiting known vulnerabilities and weak credentials across various IoT devices, including IP cameras, DVRs, and routers. The group compromises misconfigured Telnet, SSH, and Hadoop servers, deploying multiple malware variants, including the Mirai botnet. Their arsenal combines publicly available scripts and custom tools from GitHub.

Operating as a DDoS-for-hire service, Matrix utilizes the “Kraken Autobuy” Telegram bot for cryptocurrency transactions, offering various service tiers to potential clients.

Security expert Assaf Morag from Aqua Security notes that while the campaign isn’t technically sophisticated, it demonstrates the potential for widespread attacks using readily available tools. Essential security measures recommended include:
– Changing default device credentials
– Securing administrative protocols
– Implementing regular firmware updates

This campaign coincides with XorBot, another emerging botnet targeting IoT devices since November 2023, underlining the increasing threats to inadequately secured connected devices.
