A new botnet called Dark Frost has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry.
“The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices,” Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News.
Targets include gaming companies, game server hosting providers, online streamers, and even other gaming community members with whom the threat actor has interacted directly.
As of February 2023, the botnet comprises 414 machines running various instruction set architectures such as ARMv4, x86, MIPSEL, MIPS, and ARM7.
Botnets are usually made up of a vast network of compromised devices around the world. The operators tend to use the enslaved hosts to mine cryptocurrency, steal sensitive data, or harness the collective internet bandwidth from these bots to knock down other websites and internet servers by flooding the targets with junk traffic.
Dark Frost represents the latest iteration of a botnet that appears to have been stitched together by stealing source code from various botnet malware strains such as Mirai, Gafgyt, and QBot.
Akamai, which reverse-engineered the botnet after flagging it on February 28, 2023, pegged its attack potential at approximately 629.28 Gbps through a UDP flood attack. The threat actor is believed to have been active since at least May 2022.
“What makes this particular case interesting is that the actor behind these attacks has published live recordings of their attacks for all to see,” the web infrastructure company said.
“The actor was observed boasting about their achievements on social media, utilizing the botnet for petty online disputes, and even leaving digital signatures on their binary file.”