Over the past three months, the operators of the CatDDoS botnet have exploited more than 80 known vulnerabilities in a range of software products, infecting devices and enrolling them in the botnet to carry out Distributed Denial of Service (DDoS) attacks.
According to researchers from Qianxin, samples associated with CatDDoS exploit numerous well-known vulnerabilities, and the number of targets attacked on a single day has exceeded 300.
The vulnerabilities affect routers, network equipment, and other products from vendors and projects including Apache, Cacti, Cisco, D-Link, DrayTek, FreePBX, GitLab, GoCloud, Huawei, and more.
CatDDoS was first identified by Qianxin and NSFOCUS towards the end of 2023 as a variant of the Mirai botnet, capable of carrying out DDoS attacks over various protocols. The malware, discovered in August 2023, takes its name from strings such as “catdos.pirate” and “password_meow” found in its command-and-control domains.
The majority of the targets attacked are located in countries such as China, USA, Japan, Singapore, France, Canada, Great Britain, Bulgaria, Germany, the Netherlands, and India.
To conceal its command-and-control server, the botnet encrypts its traffic with the ChaCha20 algorithm and uses OpenNIC domains to avoid detection. Similar encryption methods are also employed by other botnets such as Hailbot, Vapebot, and Woodman.
CatDDoS attacks are focused on countries such as the USA, France, Germany, Brazil, and China, and affect sectors including cloud services, education, scientific research, IT, public administration, and construction, according to Qianxin XLab.
While the authors of the malware were believed to have ceased their operations in December 2023, they made the source code available for sale in a Telegram group before discontinuing their activities.
Following the sale or leakage of the source code, new variants such as RebirthLTD, Komaru, and Cecilio Network emerged. Although controlled by different groups, these variants show few changes in code, communication design, and decryption methods.
The proliferation of the CatDDoS botnet highlights the importance of promptly patching known vulnerabilities, ongoing threat monitoring, and international cooperation in cybersecurity to safeguard digital infrastructure.