WireX botnet operator charged with organizing DDoS attacks

The US Department of Justice has charged, in absentia, the administrator of the WireX Android botnet, 32-year-old Turkish citizen Izzet Mert Ozek, with organizing a DDoS attack on a transnational hotel chain.

Ozek has reportedly not yet been arrested and authorities believe he is currently residing in Turkey.

According to court documents, the WireX botnet consisted of approximately 120,000 Android devices, judging by the unique IP addresses seen in the WireX attacks, and in 2017 used that power to attack an unnamed company's website and its online booking system. The name of the affected company was not disclosed; it is only known that the servers of its website were located in northern Illinois.

"The hospitality company, which managed luxury hotels and resorts, was headquartered in Chicago and the servers for its website were located in northern Illinois," a DOJ press release says.

The WireX botnet was launched in mid-July 2017 and was built using hundreds of malicious apps distributed through the Google Play Store and third-party app stores. The botnet’s attacks began in July of that year, and sometimes its operators sent ransom messages to victims.

The botnet attracted the attention of cybersecurity researchers in August 2017, when it was seen in large-scale Layer 7 DDoS attacks targeting several large CDNs and content providers. According to experts who studied these incidents, the botnet carried out DDoS attacks using bots from 100 countries around the world and about 120,000 IP addresses.

Unique IP per hour

Shortly after these attacks, at the end of August 2017, the botnet was brought down by the joint efforts of researchers from Akamai, Cloudflare, Flashpoint, RiskIQ, Google, Oracle Dyn, Team Cymru, other companies and the FBI.

Although the Justice Department has not revealed whether Ozek was the administrator of the WireX botnet or only rented it from other hackers, Bleeping Computer journalists write that they managed to connect Ozek to the infrastructure used by the botnet. His LinkedIn page says that he is the founder of AxClick, and this name appeared in several subdomains of the same root domain (axclick [.] Store) that made up the WireX management infrastructure.

Let me remind you that we also reported that 33 Black Ax BEC fraudsters who stole more than $17 million were arrested in the US, and that China declared a real war on DDoS services.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
