"Keksec Cybergang Debuts Simps Botnet for Gaming DDoS"
Security researchers at Uptyc's have discovered a new malware that infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities. A recently developed botnet named "Simps" has emerged from the cyber-underground to carry out distributed denial-of-service (DDoS) attacks on gaming targets and others, using internet of things (IoT) nodes. It's part of the toolset used by the Keksec cybercrime group, researchers said. Simps was first seen in April being dropped on IoT devices by the Gafgyt botnet. Gafgyt (a.k.a. Bashlite) is a Linux-based botnet that was first uncovered in 2014. It targets vulnerable IoT devices like Huawei routers, Realtek routers, and ASUS devices, which it then uses to launch large-scale DDoS attacks and download next-stage payloads to infected machines. It recently added new exploits for initial compromise for Huawei, Realtek, and Dasan GPON devices. In the current campaign, researchers stated that Gafgyt infects Realtek (CVE-2014-8361) and Linksys endpoints and then fetches Simps. According to the analysis, Simps uses Mirai and Gafgyt modules for DDoS functionality. Another variant of the attack uses shell scripts for downloading Simps.
Threatpost reports: "Keksec Cybergang Debuts Simps Botnet for Gaming DDoS"