Mirai-Inspired Gorilla Botnet Targets 0.3 Million Devices in 100 Countries

NSFOCUS Global Threat Hunting System recently detected a new cyber threat known as the Gorilla Botnet. This sophisticated botnet, which emerged in September 2024, has been wreaking havoc through a series of distributed denial-of-service (DDoS) attacks that have targeted over 300,000 entities across more than 100 countries. The botnet’s utilization of Mirai botnet source code and advanced techniques has contributed to its wide reach and stealth capabilities, magnifying the global threat it poses.

The Gorilla Botnet functions by harnessing a network of compromised Internet of Things (IoT) devices to orchestrate large-scale DDoS attacks. These attacks overwhelm targeted systems by flooding them with excessive traffic, thereby impeding users’ access. What sets the Gorilla Botnet apart is its adept use of encryption to obscure crucial data, ensuring sustained control over compromised devices. Furthermore, the botnet supports various CPU architectures, enhancing its compatibility with a broad spectrum of devices.

Moreover, the Gorilla Botnet leverages a distributed Command and Control (C&C) network to facilitate its operations. It offers an array of DDoS attack methods, including UDP Flood, ACK Bypass Flood, and VSE Flood, while using connectionless protocols like UDP to mask IP addresses and further obfuscate its origins.

In the short span since its emergence, the Gorilla Botnet has executed over 300,000 attack commands – averaging around 20,000 per day – targeting countries such as China, Canada, Germany, and the United States. Notably, critical infrastructure entities like universities, government websites, telecoms, banks, and gaming platforms have fallen victim to these disruptive attacks.

The report by NSFOCUS underlines the Gorilla Botnet’s advanced capabilities, which extend beyond its attack methods. The botnet integrates encryption algorithms akin to those deployed by the notorious Keksec hacking group, rendering it challenging to detect and analyze. It also exhibits a strong emphasis on persistence by exploiting vulnerabilities like the Apache Hadoop YARN RPC flaw and installing services that automatically launch upon system startup, making eradication efforts daunting.

As the Gorilla Botnet continues to pose a significant threat, organizations are urged to bolster their cybersecurity measures. Implementing firewalls to block suspicious traffic, deploying intrusion detection systems (IDS) to identify anomalous activities, and leveraging cloud-based DDoS protection can mitigate high-volume attacks, minimizing disruptions to critical systems and networks.

In light of the growing prominence of sophisticated cyber threats like the Gorilla Botnet, cybersecurity experts advocate for proactive measures to safeguard against evolving cyber risks. By staying attuned to emerging threats and fortifying defensive capabilities, organizations can enhance their resilience in the face of escalating cybersecurity challenges.
