Qihoo 360’s Netlab security team named the botnet “Pink” because a huge number of function names in a sample discovered on November 21, 2019 begin with “pink.” The botnet was designed to launch DDoS attacks and to insert advertising into users’ legitimate HTTP traffic; the vast majority of the infected devices (96 percent) are located in China.
The researchers wrote in an analysis published last week, following coordinated action by the unnamed vendor and China’s Computer Network Emergency Response Technical Team/Coordination Center (CNCERT/CC):
“Pink raced with the vendor to retain control over the infected devices. While the vendor made repeated attempts to fix the problem, the bot master noticed the vendor’s action in real time and made multiple firmware updates on the fibre routers correspondingly.”
The botnet is built on a solid foundation of third-party services, peer-to-peer (P2P) communication and command-and-control servers. This design was intended to make the botnet resistant to takedown attempts by law enforcement, security firms and the vendors of the infected devices.
According to an independent report by Beijing-based cybersecurity firm NSFOCUS, more than 96 percent of the zombie nodes in the “super-large-scale bot network” were located in China, and the threat actor broke into the devices to install malware by exploiting zero-day vulnerabilities in network gateway devices. As of July 2020 the botnet was still running with over 100,000 nodes, even though a large portion of the infected devices have been fixed and restored to their previous state.
To keep control, the botmaster pushed out many firmware upgrades to the fibre routers whenever the vendor tried to solve the problem. Pink additionally uses DNS-over-HTTPS (DoH) to distribute configuration information, which is hosted either in a project hidden on GitHub or on Baidu Tieba and is located via a domain name hard-coded into some of the samples.
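The DoH channel described above is worth watching for from the defender's side: a fibre router or other CPE device has no business talking to a public DoH resolver on its own, so such flows from a device management segment are a useful signal. The following script is an added example, not code from the Netlab or NSFOCUS reports; it flags DoH use from a device segment in constructed flow records, identifying DoH by the destination address of well-known public resolvers or by the TLS SNI of their hostnames. The subnet, the flow-record format and the resolver list are assumptions for the example (the resolver list is illustrative, not exhaustive).

```python
"""Flag DNS-over-HTTPS (DoH) use from a device segment in flow logs (constructed example)."""
import ipaddress
from collections import defaultdict

# Publicly documented DoH endpoints, hostname -> addresses. Illustrative, not exhaustive.
KNOWN_DOH = {
    "dns.google": {"8.8.8.8", "8.8.4.4"},
    "cloudflare-dns.com": {"1.1.1.1", "1.0.0.1"},
    "dns.quad9.net": {"9.9.9.9", "149.112.112.112"},
}
DOH_IPS = set().union(*KNOWN_DOH.values())
DOH_HOSTS = set(KNOWN_DOH)

# Assumption: the segment holding the fibre routers / CPE devices (placeholder subnet).
DEVICE_SEGMENT = ipaddress.ip_network("10.20.0.0/16")

# Constructed flow records: ts,src,dst,dport,proto,sni,bytes (sni empty when not TLS or unknown).
SAMPLE_FLOWS = """\
# ts,src,dst,dport,proto,sni,bytes
2020-07-01T10:00:01Z,10.20.3.7,8.8.8.8,443,tcp,dns.google,612
2020-07-01T10:00:02Z,10.20.3.7,203.0.113.10,80,tcp,,1400
2020-07-01T10:00:05Z,10.20.9.21,1.1.1.1,443,tcp,cloudflare-dns.com,588
2020-07-01T10:00:06Z,192.168.50.4,8.8.8.8,443,tcp,dns.google,600
2020-07-01T10:00:09Z,10.20.3.7,8.8.8.8,53,udp,,120
"""


def parse_flow(line):
    """Parse one comma-separated flow record into a dict."""
    ts, src, dst, dport, proto, sni, nbytes = line.strip().split(",")
    return {
        "ts": ts,
        "src": src,
        "dst": dst,
        "dport": int(dport),
        "proto": proto,
        "sni": sni or None,
        "bytes": int(nbytes),
    }


def is_doh(flow):
    """DoH rides on HTTPS: TCP/443 to a known resolver address or resolver SNI."""
    if flow["proto"] != "tcp" or flow["dport"] != 443:
        return False
    return flow["dst"] in DOH_IPS or flow["sni"] in DOH_HOSTS


def find_doh_from_devices(lines, segment=DEVICE_SEGMENT):
    """Return {source_ip: [(ts, dst, sni), ...]} for DoH flows originating in the segment.

    Plain UDP/53 DNS and ordinary HTTPS are ignored; only DoH to a known resolver
    from a device address counts.
    """
    hits = defaultdict(list)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        flow = parse_flow(line)
        if ipaddress.ip_address(flow["src"]) in segment and is_doh(flow):
            hits[flow["src"]].append((flow["ts"], flow["dst"], flow["sni"]))
    return dict(hits)


if __name__ == "__main__":
    for src, flows in find_doh_from_devices(SAMPLE_FLOWS.splitlines()).items():
        for ts, dst, sni in flows:
            print(f"{ts} device {src} used DoH to {dst} (sni={sni})")
```

One caveat for anyone adapting this: the resolver lookup is all that this check can see. The configuration itself is fetched from GitHub or Baidu Tieba over HTTPS, which is indistinguishable by address from legitimate traffic to those services, so the practical control is a policy one: a device segment should only be allowed to resolve names through the operator's own resolvers, and any DoH from it should be blocked and alerted on rather than merely counted.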
NSFOCUS researchers concluded that “although Pink is the largest botnet ever discovered, it will never be the last one.” The findings show how botnets can provide a powerful infrastructure for threat actors to mount a range of attacks, with approximately 100 DDoS attacks launched by the botnet to date. Internet of Things devices have become a significant target for underground cybercrime (“black industry”) organisations and even APT groups.