
Novel AndoryuBot DDoS botnet leverages Ruckus RCE bug

A new distributed denial-of-service botnet, Andoryu, is targeting vulnerable Ruckus Wireless Admin panels by exploiting a recently patched critical vulnerability, tracked as CVE-2023-25717, which enables remote code execution and lets attackers add compromised devices to their DDoS arsenal, BleepingComputer reports. According to a report from Fortinet, Andoryu uses malicious HTTP GET requests to infect devices of various system architectures, then downloads an additional script to spread the infection and communicates with the command-and-control server. Andoryu supports twelve DDoS attack modes, including the tcp-handshake, tcp-raw, udp-plain, and icmp-echo techniques, and researchers note that the commands the malware receives specify the DDoS type as well as the targeted IP addresses and port numbers. The threat actors behind the botnet have been using YouTube for marketing, offering it for rent at weekly prices ranging from $20 to $115 depending on the length and frequency of daily attacks.
