"Romanian Cybercrime Gang Diicot Builds DDoS Botnet With Mirai Variant"

According to researchers, a cybercriminal group called "Diicot" is conducting mass SSH brute-force scanning and launching a variant of the Mirai Internet of Things (IoT) botnet on compromised devices. The group also deploys a cryptocurrency mining payload on servers with CPUs containing more than four cores. Cado Labs discovered that Diicot is deploying Cayosin, an off-the-shelf Mirai-based botnet agent, despite the group's traditional association with cryptojacking campaigns. This agent was intended for routers running OpenWrt, the Linux-based operating system for embedded devices. The Diicot group has been in operation since at least 2021 and was previously known as "Mexals." After examining strings found in malware payloads, scripts, and messages against those of rival hacker groups, researchers strongly believe that the group is based in Romania. Even its new name resembles the acronym for the Directorate for Investigating Organized Crime and Terrorism (DIICOT), a Romanian law enforcement agency. This article continues to discuss findings surrounding the Diicot cybercrime gang.

CSO Online reports "Romanian Cybercrime Gang Diicot Builds DDoS Botnet With Mirai Variant"

Submitted by Anonymous on