"Windows and Linux Servers Targeted by New WatchDog Botnet for Almost Two Years"
Cybersecurity researchers at Unit42, a security division at Palo Alto Networks, have discovered a cryptomining botnet called WatchDog. According to the researchers, the WatchDog botnet has been active since January 2019, targeting both Windows and Linux systems. The botnet is written in the Go programming language and relies on outdated enterprise apps as a point of entry for attacks. Further analysis of the WatchDog botnet operations found that the botnet operators have used 33 different exploits to target 32 vulnerabilities in Drupal, Elasticsearch, Apache Hadoop, Spring Data Commons, SQL Server, ThinkPHP, Oracle WebLogic, and other software. Based on the analysis of the WatchDog malware binaries, it has been estimated that the botnet infected 500 to 1,000 systems. Since it launched in 2019, the WatchDog mining operation has gained an estimated profit of 2019 Monero cryptocurrency coins (XMR), currently valued at around $32,000. The actual amount of monetary gain from these botnet operations is believed to be significantly higher as the researchers only analyzed a few binaries. WatchDog has not extracted credentials from infected servers, but researchers warn that the operators could easily update the cryptomining botnet to perform credential scans. This article continues to discuss the Unit42 researchers' findings surrounding the WatchDog botnet.
ZDNet reports "Windows and Linux Servers Targeted by New WatchDog Botnet for Almost Two Years"