Enemybot, a new distributed denial-of-service botnet that contains modules from the source code of the Mirai and Gafgyt botnets, is targeting numerous Internet of Things devices, routers, and server architectures, ZDNet reports.
Researchers from FortiGuard Labs have determined that the Keksec threat group operates Enemybot, which targets routers from D-Link, Netgear, Zhone, iRZ, and Seowon Tech, as well as misconfigured Android devices.
Keksec has also used Enemybot to target server and desktop systems running on arm and arm64, BSD, and Darwin.
"This mix of exploits targeting web servers and applications beyond the usual IoT devices, coupled with the wide range of supported architectures, might be a sign of Keksec testing the viability of expanding the botnet beyond low-resource IoT devices for more than just DDoS attacks," said researchers.
More versions of Enemybot, which is still under development, are expected soon, they added.