Cybersecurity researchers have uncovered a large-scale DDoS campaign attributed to a threat actor known as “Matrix.” Despite the actor’s low technical skills, the campaign demonstrates how easily accessible tools are enabling less experienced attackers to launch significant global attacks.
Campaign Overview
Matrix’s operation highlights how public scripts and open-source tools enable large-scale cyberattacks. The actor targets vulnerabilities in IoT and enterprise devices and brute-forces weak or default credentials to build a botnet for global DDoS disruptions.
- Tools and Methods: Matrix uses public scripts to exploit vulnerabilities in routers, DVRs, cameras, and telecom equipment. Key vulnerabilities include CVE-2017-18368 (command injection in ZTE routers) and CVE-2021-20090 (Arcadyan firmware flaw).
- Targeted Devices: The focus is on IoT devices with weak security, such as IP cameras, routers, and DVRs. The campaign also targets enterprise systems with misconfigured services like Hadoop’s YARN and HugeGraph servers.
- Geographic Focus: The operation mainly targets devices in the Asia-Pacific region, particularly China and Japan, while avoiding Russia and Ukraine, indicating financial rather than political motives.
Technical Analysis
Matrix uses various tools to control and grow its botnet. Analysis of its GitHub repositories shows it relies on Python, Shell, and Golang scripts, often adapted from open-source projects.
This suggests a “script kiddie” approach, where pre-made tools are modified rather than created from the ground up.
Exploited Vulnerabilities
The campaign takes advantage of both recent and older vulnerabilities in various devices. Key vulnerabilities include:
- CVE-2024-27348 in HugeGraph, used for remote code execution.
- CVE-2022-30525 and CVE-2018-10562, targeting IoT devices to maintain botnet activity.
These vulnerabilities allow attackers to hijack devices and add them to a botnet used for DDoS attacks.
Findings by Aqua Nautilus highlight a troubling trend: the rise of cyberattacks by low-skilled actors, thanks to AI tools and readily available hacking resources. This poses new challenges for global cybersecurity efforts.
In response to threats like Matrix, organizations should:
- Strengthen Default Security: Change default passwords and update firmware on all network-connected devices.
- Implement Network Segmentation: Isolate critical systems from IoT devices to limit exposure.
- Monitor and Respond: Use advanced threat detection to spot and address unusual network activity quickly.
DDoS attacks can have a significant economic impact, disrupting businesses and infrastructure. Devices compromised by Matrix’s botnet could also be used in future attacks, escalating the threat.