China declares war on DDoS-for-hire services
Chinese authorities have carried out numerous arrests aimed at curbing the building of botnets and renting them out for DDoS attacks, effectively declaring war on DDoS-for-hire services.
According to a ZDNet report, the detainees include two suspected operators of a network of 200,000 hacked sites. The reporter notes that the number of sites offering ready-made tools and services to unskilled DDoS attackers grew noticeably in China after the source code of the Mirai IoT botnet was leaked online. In 2017, Cisco Talos researchers felt compelled to draw the Internet community's attention to this activity, complaining about the inaction of the Chinese authorities.
“Ever since the release of the Mirai IoT botnet source code online in late 2016, Chinese hackers have gotten a taste for building monster botnets, which they rent from other users via special services called DDoS booters (or DDoS stressers)”, write ZDNet journalists.
Over time, the number of underground DDoS services in China kept growing. Local botnet operators stopped relying solely on Mirai and IoT devices and began experimenting with malware that exploited vulnerabilities in servers and web application frameworks. The Chinese DDoS botnet ecosystem grew so large and so active that the authorities were eventually forced to take drastic measures.
The operation to dismantle the largest of the known Chinese botnets began in August 2018. According to local sources reviewed by the author of the ZDNet report, the investigation was opened after police in Jiangsu province were notified that a large number of servers on Xuzhou Telecom’s network had been hacked.
It turned out that the attackers had planted backdoors on the servers to give themselves remote control.
“The scale of the operation became apparent when it became clear that the attackers were using vulnerabilities to inject malicious code and thus infected more than 200,000 sites, including many Chinese portals and government Internet sites”, reports ZDNet.
According to local media reports, the botnet was used mainly for DDoS attacks, some of which peaked at 200 Gbit/s. Those renting the network also flooded the hacked sites with spam, planted malicious ads on them and mined cryptocurrency on the compromised servers.