Researchers warn of a new wave of digital attacks.
Security researchers from Team Cymru have reported a noticeable expansion in the activity of the 7777 botnet, which was first noticed in October 2023 and named after its use of TCP port 7777 on infected routers. Recent studies show that the botnet has significantly increased the scale of its activities despite ongoing attempts to contain it, which has caused concern among experts.
Initially, the 7777 botnet was detected in malicious activity targeting Microsoft Azure cloud services. The attacks were low in volume, which made them difficult to detect. At that time, the botnet had about 10,000 nodes, but by August 2024, the number of active devices had decreased to 7 thousand.
Recent data suggests that the botnet has expanded with new infrastructure, using the open port 63256 on infected Asus routers. This extension allowed the botnet to reach almost 13 thousand active devices, which, according to experts, is only part of a vast malicious network.
The researchers also found seven IP addresses associated with running the botnet. Four of them were previously mentioned in other studies, and three new IP addresses require additional analysis. These IP addresses are used to manage infected devices and can be linked to cyber attacks on Microsoft 365 services.
A significant part of the infected devices are TP-Link routers and Hikvision cameras, which corresponds to previous studies. The new part of the botnet running on port 63256 is mainly aimed at Asus routers, which highlights the evolution of malicious methods.
Despite measures taken to combat the botnet, it continues to function, retaining a significant number of infected devices. Experts continue to study its infrastructure in order to better understand the goals of botnet operators and possible attack directions.
Experts strongly recommend that users update the firmware of their devices, use strong passwords, and regularly check network activity to prevent possible compromises.
Source
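One way to act on the advice to check network activity, as an added example that is not part of the original article: the script below reads gateway firewall logs and separates devices that were merely probed on TCP ports 7777 or 63256 from devices that answered with a SYN/ACK, meaning something is listening there. It assumes iptables LOG-format lines from an upstream gateway and a LAN of 192.168.1.0/24; the log lines are constructed samples and the probed/listening rule is a heuristic chosen for this example.

```python
import ipaddress
import re

BOTNET_PORTS = {7777, 63256}                   # ports named in the article
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumption: your local range
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines in iptables LOG format (not real traffic).
SAMPLE_LOG = """\
Sep  1 10:00:01 gw kernel: IN=wan0 OUT=lan0 SRC=203.0.113.9 DST=192.168.1.1 PROTO=TCP SPT=40112 DPT=7777 SYN URGP=0
Sep  1 10:00:01 gw kernel: IN=lan0 OUT=wan0 SRC=192.168.1.1 DST=203.0.113.9 PROTO=TCP SPT=7777 DPT=40112 ACK SYN URGP=0
Sep  1 10:02:10 gw kernel: IN=wan0 OUT=lan0 SRC=198.51.100.7 DST=192.168.1.20 PROTO=TCP SPT=51500 DPT=63256 SYN URGP=0
Sep  1 10:02:10 gw kernel: IN=lan0 OUT=wan0 SRC=192.168.1.20 DST=198.51.100.7 PROTO=TCP SPT=63256 DPT=51500 ACK RST URGP=0
Sep  1 10:05:00 gw kernel: IN=lan0 OUT=wan0 SRC=192.168.1.30 DST=198.51.100.7 PROTO=TCP SPT=50000 DPT=443 SYN URGP=0
"""


def classify(log_text):
    """Return {(device_ip, port): 'listening' | 'probed'} for the botnet ports."""
    result = {}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP":
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
            spt, dpt = int(f["SPT"]), int(f["DPT"])
        except (KeyError, ValueError):
            continue  # skip malformed lines
        flags = set(re.findall(r"\b(SYN|ACK|RST)\b", line))
        inbound = dst in LAN and src not in LAN
        outbound = src in LAN and dst not in LAN
        if inbound and dpt in BOTNET_PORTS and flags == {"SYN"}:
            # An external SYN alone only shows that someone knocked.
            result.setdefault((str(dst), dpt), "probed")
        elif outbound and spt in BOTNET_PORTS and flags == {"SYN", "ACK"}:
            # A SYN/ACK from the device shows the port is open on it.
            result[(str(src), spt)] = "listening"
    return result


if __name__ == "__main__":
    for (ip, port), state in sorted(classify(SAMPLE_LOG).items()):
        print(f"{ip}:{port} {state}")
```

A device reported as `listening` is the one to inspect first; `probed` alone is common background scanning.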