A new Gorilla Botnet has launched massive DDoS attacks, targeting over 100 countries, according to cybersecurity firm NSFOCUS. This botnet, which utilizes Mirai botnet source code and advanced techniques, poses a growing and global threat.
NSFOCUS's Global Threat Hunting System has detected a new cybersecurity threat: the Gorilla Botnet. In September 2024, this botnet launched a massive series of distributed denial-of-service (DDoS) attacks against over 300,000 targets in more than 100 countries.
According to NSFOCUS, a renowned Chinese company specializing in application security, Gorilla Botnet is inspired by the infamous Mirai botnet and has become a major concern due to its wide reach and stealth capabilities. Gorilla Botnet leverages a network of compromised IoT devices like an army to launch large-scale DDoS attacks. These attacks flood targeted systems with traffic, leaving them unreachable for legitimate users.
What makes Gorilla Botnet particularly dangerous is its use of encryption to obscure key data, its mechanisms for retaining long-term control over compromised devices, and its support for multiple CPU architectures, which lets it run on a wide range of devices.
Gorilla Botnet uses a distributed C&C network to manage its operations and offers a variety of DDoS attack methods, including UDP Flood, ACK Bypass Flood, and VSE Flood. Additionally, because connectionless protocols like UDP involve no handshake, the botnet can spoof source IP addresses in its traffic and further hide its origin.
Global Reach and Impact
Since September 2024, when its activity was first detected, Gorilla has wasted no time making its mark. In just a month, the botnet unleashed over 300,000 attack commands, averaging a whopping 20,000 per day.
This series of attacks targeted over 100 countries, including economic powerhouses like:
- China
- Canada
- Germany
- United States
Additionally, critical infrastructure, including universities, government websites, telecoms, banks, and gaming platforms, fell victim to these attacks.
Advanced Capabilities
According to NSFOCUS’s report, Gorilla Botnet’s sophistication goes beyond its attack methods. The malware incorporates encryption algorithms commonly used by the notorious Keksec hacking group, making it difficult to detect and analyze.
The botnet also shows a strong focus on persistence. By exploiting vulnerabilities like the Apache Hadoop YARN RPC flaw and installing services that automatically execute on system startup, Gorilla becomes a stubborn opponent to eradicate.
Organizations should strengthen their cybersecurity to address the growing threat of the Gorilla Botnet. Firewalls help block suspicious traffic, while intrusion detection systems (IDS) can spot unusual activity and alert security teams. Using cloud-based DDoS protection can also help reduce high-volume attacks, minimizing downtime for critical systems.
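The article describes UDP Flood traffic with spoofed source addresses and recommends intrusion detection to spot unusual activity. The following is an added example, not code from NSFOCUS or from the article, of the kind of heuristic a flow-based detector can apply: it buckets UDP flow records per destination, port and one-second window and raises an alert only when both the packet rate and the number of distinct sources are high, which separates a flood from widely distributed or spoofed senders from a single busy but legitimate client. The flow record layout, the sample telemetry and the thresholds (1,000 packets per second, 50 distinct sources) are assumptions chosen for illustration, not values from the report.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Flow:
    """One flow record, modelled loosely on NetFlow/IPFIX fields (assumed layout)."""
    ts: float      # flow start time, epoch seconds
    proto: str     # "UDP" or "TCP"
    src: str       # source IP (may be spoofed in a flood)
    dst: str       # destination IP
    dport: int     # destination port
    packets: int   # packets carried by this flow


def _constructed_flows() -> list[Flow]:
    """Constructed sample telemetry (not captured traffic).

    - a burst of 120 UDP flows toward 192.0.2.10:53 from 120 different
      sources within one second, standing in for a spoofed-source UDP flood
    - background: a few legitimate-looking DNS queries to another host and
      some TCP web traffic, which the UDP detector must ignore
    """
    flows = []
    for i in range(120):
        flows.append(Flow(1000.0 + i * 0.005, "UDP", f"198.51.100.{i}", "192.0.2.10", 53, 40))
    for i in range(3):
        flows.append(Flow(1000.2 + i * 0.3, "UDP", f"203.0.113.{i + 1}", "192.0.2.20", 53, 2))
    for i in range(30):
        flows.append(Flow(1000.0 + i * 0.03, "TCP", f"203.0.113.{i + 10}", "192.0.2.10", 443, 15))
    return flows


def detect_udp_floods(flows: Iterable[Flow], window: float = 1.0,
                      pps_threshold: int = 1000, min_sources: int = 50) -> list[dict]:
    """Return one alert per (destination, port, window) whose aggregate UDP
    packet rate reaches pps_threshold AND whose distinct-source count reaches
    min_sources. Both conditions are required so that one chatty client does
    not trip the detector while a flood from many (possibly spoofed) sources does.
    """
    packets = defaultdict(int)      # (dst, dport, bucket) -> packet count
    sources = defaultdict(set)      # (dst, dport, bucket) -> distinct source IPs
    for f in flows:
        if f.proto != "UDP":
            continue
        key = (f.dst, f.dport, int(f.ts // window))
        packets[key] += f.packets
        sources[key].add(f.src)

    alerts = []
    for key, count in sorted(packets.items()):
        pps = count / window
        if pps >= pps_threshold and len(sources[key]) >= min_sources:
            dst, dport, bucket = key
            alerts.append({
                "dst": dst,
                "dport": dport,
                "window_start": bucket * window,
                "pps": pps,
                "distinct_sources": len(sources[key]),
            })
    return alerts


def run_demo() -> list[dict]:
    """Run the detector over the constructed sample and return its alerts."""
    return detect_udp_floods(_constructed_flows())


if __name__ == "__main__":
    for a in run_demo():
        print(f"UDP flood suspected: {a['dst']}:{a['dport']} at t={a['window_start']:.0f} "
              f"({a['pps']:.0f} pps from {a['distinct_sources']} sources)")
```

On the constructed input the detector flags only 192.0.2.10:53 (4,800 packets in one second from 120 sources) and stays silent on the low-rate DNS queries and the TCP traffic. In production the thresholds would be tuned to a baseline for each service, and an alert like this would feed the upstream scrubbing or cloud-based DDoS protection the article recommends.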