Hundreds of victims impacted by Fodcha DDoS botnet daily

BleepingComputer reports that more than 100 victims a day are being hit by the new Fodcha distributed denial-of-service botnet, which infected more than 62,000 devices between March 29 and April 10. More than 10,000 of the bots have Chinese IP addresses, most of them on China Unicom and China Telecom networks, according to a report from Qihoo 360's Network Security Research Lab. Fodcha has been observed exploiting several vulnerabilities to spread: an Android ADB Debug Server remote command execution flaw, a GitLab bug tracked as CVE-2021-22205, a Realtek Jungle SDK flaw tracked as CVE-2021-35394, a LILIN DVR RCE, a backdoor in TOTOLINK routers, a ZHONE router web RCE, and the JAWS Webserver unauthenticated shell command execution flaw in MVPower DVRs. The operators have also been using Crazyfia scan results to deploy the malware payload. Meanwhile, the botnet was observed switching to a new domain last month after its original domain was taken down. "The new C2 is mapped to more than a dozen IPs and is distributed across multiple countries including the US, Korea, Japan, and India; it involves more cloud providers such as Amazon, DediPath, DigitalOcean, Linode, and many others," said researchers.
