Researchers have discovered a botnet known as Dark Frost, which has been launching distributed denial of service (DDoS) attacks against the online gaming sector. This new botnet was found by Akamai’s Security Intelligence Response Team (SIRT), which recently published its findings. By publicizing this, SIRT wants to highlight that it’s not just notorious hacker groups that can cause significant damage but also low-skilled threat actors.
Botnets are becoming more accessible
A botnet is a network of malware-infected computers that can be controlled by a cybercriminal to launch coordinated online attacks. We’ve discussed botnets before on the SSLs.com blog in relation to DDoS attacks, the purpose of which is to overload servers with fake traffic to take websites and services offline. While botnets are mostly associated with DDoS attacks, they can also serve other purposes, such as unwarranted crypto mining, data theft, and distributing spam.
Botnets also sound like they would be challenging to orchestrate, requiring a certain level of technical sophistication. However, there has been an increase in botnets-for-hire in recent times, so threat actors only need to be able to pay to launch a devastating attack.
And even if you don’t pay, the unfortunate reality is that a less skilled hacker can create an effective botnet by using AI code generation combined with source code from previously successful malware strains.
Dark Frost is an example of one of these unsophisticated yet powerful botnets.
The significance of Dark Frost
SIRT found that Dark Frost was created by combining source code from the previously successful Mirai, Gafgyt, and Qbot malware. The botnet was made up of 414 machines running various instruction set architectures such as ARMv4, x86, MIPSEL, MIPS, and ARM7 as of February 2023. With this botnet, the threat actor could target gaming streamers, gaming companies, game server hosting providers, and gaming community members known to the attacker with reasonable success. The attacker targeted misconfigurations in Hadoop YARN servers, a known vulnerability since 2014.
The person behind the botnet
The Dark Frost threat actor is thought to have been active since May 2022, and Akamai’s researchers believe them to be relatively young due to their open bragging on social media. They took credit for various attacks, sometimes backing up their claims with screenshots and even video recordings. While their motives initially seemed trivial and petty, researchers noted an escalation, with the actor revealing they intended to start an attack group and sell attack services on Discord.
The takeaway
While most threat actors aren’t always so public with their exploits, SIRT believes this particular case serves as an example of how low-level actors are becoming a more significant cyber threat. It urges the security community as a whole to start taking such threat actors seriously.
Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.