Botnet

China-nexus cyber actors are increasingly using large-scale networks of compromised devices, including SOHO routers and IoT devices, to obscure the origin of their attacks and conduct various malicious activities, from reconnaissance to data exfiltration.

The PowMix botnet campaign targets Czech organizations, particularly HR, legal, and recruitment agencies, using compliance-themed lures delivered via phishing emails, with the attack employing a Windows shortcut file that executes a PowerShell loader to bypass AMSI and deploy the botnet payload in memory.

Law enforcement has disrupted significant IoT botnets responsible for launching record-breaking distributed denial-of-service (DDoS) attacks, impacting the availability of targeted systems.

An Iranian botnet operation utilizing a 15-node relay network and active C2 infrastructure was exposed through an open directory.