Concise Cyber

Aisuru Botnet Evolves, Shifting from DDoS Attacks to Residential Proxy Sales

The Aisuru botnet, a known threat targeting Internet of Things (IoT) devices, has undergone a significant operational change. Security researchers report that the malware, which historically was used to launch Distributed Denial-of-Service (DDoS) attacks, has been repurposed: its operators have shifted their monetization from attack-for-hire services to selling proxy access through the infected devices. The pivot is a calculated move by the operators to turn their network of compromised devices into a steadier and potentially more lucrative revenue stream.

A Strategic Pivot from DDoS to Proxies

The Aisuru botnet was first identified as a tool primarily used for DDoS attacks. By infecting a large number of poorly secured IoT devices, it could harness their collective bandwidth to launch powerful attacks that would overwhelm a target’s servers and infrastructure. This capability was sold as a service to other malicious actors. Recent analysis of the botnet’s command-and-control (C2) infrastructure and behavior, however, shows a clear change in its primary function. Instead of just receiving attack commands, the infected bots are now configured to function as nodes in a residential proxy network. This marks a strategic move from a disruptive, high-visibility attack model to a more covert, service-based one.

How the Illicit Proxy Service Functions

Under this new model, the Aisuru operators sell access to their network of compromised devices. Each infected IoT device, such as a home router or IP camera, serves as an exit node. Customers of the illicit service route their internet traffic through these nodes, effectively borrowing the IP addresses of the victims' homes and businesses. Because the traffic leaves from ordinary residential connections, the customers' true origin is concealed and their activity blends in with legitimate users. Such services are valuable for ad fraud, web scraping, and credential stuffing, since they bypass controls designed to block traffic from known data centers or malicious IP ranges; a defender relying on per-IP reputation alone sees many low-volume requests from unremarkable home addresses rather than a single blocklisted source. For the operators, this provides a steadier income than the sporadic DDoS-for-hire market.
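The exit-node behaviour described above leaves a footprint on the victim's own network: an IP camera or router normally talks to a handful of vendor endpoints, whereas a device relaying proxy customers' traffic opens connections to many unrelated destinations. The following script is an added example, not code from the original article or from any Aisuru analysis; it profiles per-device outbound flow records and flags devices whose destination diversity looks like a proxy exit node. The flow records, the device roles and the thresholds (`min_dsts`, `max_top_share`) are constructed assumptions for this illustration.

```python
"""Flag LAN devices whose outbound connection pattern looks like a proxy exit node.

Added example. Flow records below are constructed; in practice they would come
from a router's NetFlow/IPFIX export or a conntrack dump. Thresholds are
illustrative assumptions, not figures from any published botnet analysis.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes_out).
# Addresses are drawn from the TEST-NET documentation ranges.
FLOWS = [
    # 192.168.1.20: a healthy camera talking only to its vendor cloud and NTP.
    *[("192.168.1.20", "203.0.113.10", 443, 40_000) for _ in range(50)],
    *[("192.168.1.20", "203.0.113.11", 443, 2_000) for _ in range(10)],
    ("192.168.1.20", "198.51.100.5", 123, 96),
    # 192.168.1.21: same camera model, now relaying customer traffic to many
    # unrelated web servers while its normal vendor traffic continues.
    *[("192.168.1.21", f"198.51.100.{i}", 443, 15_000) for i in range(1, 61)],
    *[("192.168.1.21", f"203.0.113.{i}", 80, 6_000) for i in range(100, 140)],
    ("192.168.1.21", "203.0.113.10", 443, 40_000),
]


@dataclass
class Profile:
    flows: int           # total outbound flows seen from the device
    distinct_dsts: int   # number of distinct destination IPs
    top3_share: float    # fraction of flows going to the 3 busiest destinations


def profile(flows):
    """Summarise outbound behaviour per source IP.

    A single-purpose IoT device concentrates almost all flows on a few
    destinations (top3_share close to 1.0). A proxy exit node spreads flows
    across whatever hosts its customers request, so the share collapses.
    """
    per_src = defaultdict(Counter)
    for src, dst, _port, _bytes in flows:
        per_src[src][dst] += 1

    profiles = {}
    for src, dst_counts in per_src.items():
        total = sum(dst_counts.values())
        top3 = sum(n for _dst, n in dst_counts.most_common(3))
        profiles[src] = Profile(
            flows=total,
            distinct_dsts=len(dst_counts),
            top3_share=top3 / total,
        )
    return profiles


def flag_exit_nodes(flows, min_dsts=20, max_top_share=0.5):
    """Return source IPs whose destination diversity suggests proxy relaying.

    Both conditions must hold: many distinct destinations AND low concentration
    on the busiest few. Requiring both avoids flagging a device that polls one
    vendor endpoint heavily plus a few CDN hosts. Thresholds are assumptions;
    tune them per device class, since a smart TV or laptop legitimately
    reaches many destinations.
    """
    return sorted(
        src
        for src, p in profile(flows).items()
        if p.distinct_dsts >= min_dsts and p.top3_share < max_top_share
    )


if __name__ == "__main__":
    for src, p in sorted(profile(FLOWS).items()):
        print(f"{src}: flows={p.flows} distinct_dsts={p.distinct_dsts} "
              f"top3_share={p.top3_share:.2f}")
    print("suspected exit nodes:", flag_exit_nodes(FLOWS))
```

Note the design choice: the check keys on destination diversity rather than destination reputation. Proxy customers fetch ordinary websites, so the individual destinations are unremarkable; what is abnormal is that a camera reaches a hundred of them. Treat a hit as a trigger for investigation (firmware version, open management ports, factory reset) rather than as proof of infection.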

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources. The intent is only to summarise what is already reported in public forum in our own words with no intention to plagiarise or copy other person's work. The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment. The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com. You're advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications. If you have any objections, concerns or point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/
