The latest Glupteba botnet campaign began in June 2022. It uses more than a dozen Bitcoin addresses to distribute C&C domains and relies on Tor hidden services for C&C operations.
A blog post by Nozomi Networks, an OT cybersecurity company, shows that the Glupteba botnet remains active, which undercuts Google's claim to have disrupted it.
In December 2021 Google said it had taken down the C&C infrastructure of the blockchain-enabled Glupteba botnet, and it filed a lawsuit against the alleged Russian operators, Dmitry Starovikov and Alexander Filippov. Nozomi says the botnet is still operational.
Campaign Details
According to Nozomi, the most recent Glupteba campaign began in June 2022 and is still ongoing. Its researchers scanned more than 1,500 malware samples and analyzed the entire Bitcoin blockchain for transactions tied to them. They found that the first campaign, in June 2019, distributed C&C domains through a single Bitcoin address.
A second campaign began in April 2020 and used two Bitcoin addresses for C&C domain distribution. A third was launched in November 2021; it was probably the shortest, ending after only two months.
The latest campaign, launched in June 2022, uses more than a dozen Bitcoin addresses and also relies on Tor hidden services for C&C operations.
The researchers also observed a roughly tenfold increase since 2021 in the number of Tor hidden services used as C2 servers.
What Does the Glupteba Botnet Do?
The Glupteba botnet protects its C&C infrastructure with the Bitcoin blockchain. The malware targets Windows devices and is spread through fake advertisements and software cracks. Once installed it mines cryptocurrency, steals passwords and other credentials, and turns IoT devices into proxy servers.
Glupteba stores data in the blockchain through the OP_RETURN opcode, which can carry up to 80 bytes of arbitrary data per output, and through the signature script. Because a confirmed transaction cannot be erased or censored by law enforcement, this makes the botnet far more resilient to takedown attempts. Glupteba is believed to have used this technique, the same one Cerber ransomware used before it, since 2019.
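As an added illustration (not Nozomi's or Glupteba's code), the following Python round-trips a payload through a raw Bitcoin transaction: it builds a constructed, unsigned transaction whose only output is OP_RETURN followed by a data push, enforces the 80-byte standardness limit (payloads of 76 to 80 bytes need OP_PUSHDATA1 instead of a direct push), and then scans the serialized transaction the way a researcher sweeping the chain would, pulling the pushed bytes back out. The payload is treated as opaque bytes: Glupteba encrypts its payload before embedding it, and the sample domain used here is constructed. The previous-output reference and empty scriptSig are placeholders, so the transaction would never be relayed; the signature-script storage variant mentioned above is not covered.

```python
import struct

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
MAX_OP_RETURN_PAYLOAD = 80  # standard relay policy limit on OP_RETURN data


def encode_varint(n: int) -> bytes:
    """Bitcoin CompactSize encoding."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def decode_varint(buf: bytes, pos: int) -> tuple:
    """Decode a CompactSize at pos; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def op_return_script(payload: bytes) -> bytes:
    """OP_RETURN plus one data push: 1..75 bytes is a direct push,
    76..80 bytes needs OP_PUSHDATA1; anything larger is non-standard."""
    if len(payload) > MAX_OP_RETURN_PAYLOAD:
        raise ValueError(f"payload exceeds {MAX_OP_RETURN_PAYLOAD} bytes")
    if len(payload) <= 75:
        push = bytes([len(payload)]) + payload
    else:
        push = bytes([OP_PUSHDATA1, len(payload)]) + payload
    return bytes([OP_RETURN]) + push


def build_tx(payload: bytes, prev_txid_hex: str = "00" * 32, prev_vout: int = 0) -> str:
    """Serialize a legacy (non-segwit) transaction with one input and one
    zero-value OP_RETURN output. The input is a constructed, unsigned stand-in."""
    script = op_return_script(payload)
    tx = struct.pack("<i", 1)                          # version
    tx += encode_varint(1)                             # input count
    tx += bytes.fromhex(prev_txid_hex)[::-1]           # prev txid (internal byte order)
    tx += struct.pack("<I", prev_vout)                 # prev output index
    tx += encode_varint(0)                             # empty scriptSig (unsigned placeholder)
    tx += struct.pack("<I", 0xFFFFFFFF)                # sequence
    tx += encode_varint(1)                             # output count
    tx += struct.pack("<q", 0)                         # value: 0 satoshi
    tx += encode_varint(len(script)) + script          # scriptPubKey
    tx += struct.pack("<I", 0)                         # locktime
    return tx.hex()


def parse_outputs(raw: bytes) -> list:
    """Walk a raw transaction far enough to return its (value, scriptPubKey) list.
    Handles legacy and segwit serialization; witness data follows the outputs
    and is not needed here."""
    pos = 4                                            # skip version
    if raw[pos] == 0x00 and raw[pos + 1] == 0x01:      # segwit marker + flag
        pos += 2
    n_in, pos = decode_varint(raw, pos)
    for _ in range(n_in):
        pos += 36                                      # prev txid + index
        sig_len, pos = decode_varint(raw, pos)
        pos += sig_len + 4                             # scriptSig + sequence
    n_out, pos = decode_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value = struct.unpack_from("<q", raw, pos)[0]
        pos += 8
        spk_len, pos = decode_varint(raw, pos)
        outputs.append((value, raw[pos:pos + spk_len]))
        pos += spk_len
    return outputs


def extract_op_return_payloads(raw_tx_hex: str) -> list:
    """Return the bytes pushed after OP_RETURN in each OP_RETURN output."""
    payloads = []
    for _value, script in parse_outputs(bytes.fromhex(raw_tx_hex)):
        if not script or script[0] != OP_RETURN:
            continue
        if len(script) == 1:
            payloads.append(b"")
        elif 1 <= script[1] <= 75:
            payloads.append(script[2:2 + script[1]])
        elif script[1] == OP_PUSHDATA1 and len(script) >= 3:
            payloads.append(script[3:3 + script[2]])
    return payloads


if __name__ == "__main__":
    # Constructed sample: a C2 hostname in the clear, standing in for the
    # encrypted blob the real malware embeds.
    raw = build_tx(b"c2.example.onion")
    print(raw)
    print(extract_op_return_payloads(raw))
```

A researcher applying this to the real chain would feed every confirmed transaction from a watched address through extract_op_return_payloads and then attempt decryption with the key recovered from a malware sample; the operators can publish a new transaction at any time, but nobody without the address's private key can publish one, and nobody can remove one that has confirmed.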
Why Is Glupteba So Difficult to Dismantle?
Nozomi Networks notes that the Bitcoin blockchain is built on modern cryptography, which makes the botnet impossible to hijack: only the holder of an address's private key can publish a transaction from it, so defenders cannot inject their own C&C domains into the channel. The blockchain also gives the operators robust, cheap data storage, and they encrypt the payloads they write to it so the stored data is opaque to anyone without the key.
Google says it prevailed in the lawsuit against the Glupteba operators and their lawyers. The court entered judgment against the defendants and ordered them and their US attorney to pay Google's legal fees as a sanction. The defendants had claimed they would cooperate, but instead used the proceedings to try to extract information that would help them evade Google's efforts to shut Glupteba down.
The operators have since resumed operations on platforms Google does not control, as well as on IoT devices. Google maintains that its disruption effort was at least partly successful, citing a 78% reduction in infected hosts.