The threat actor dubbed ‘Mysterious Team’ has used the Raven Storm tool to carry out distributed denial-of-service (DDoS) attacks against several targets.
The news comes from CloudSEK, which detailed the new threat in an advisory on Sunday.
“[Our] contextual AI digital risk platform XVigil discovered a post by the Mysterious Team claiming the use of the Raven Storm tool for DDoS attacks,” reads the document. “The tool uses multi-threading to send multiple packets at a single moment in time and take the target down.”
In addition, the malware is reportedly capable of server takedown, Wi-Fi attacks and application-layer attacks. It also gives attackers the ability to connect to a client via botnets.
From a technical standpoint, Raven Storm attacks layers 3 (network), 4 (transport) and 5 (application) of the network stack.
The malware is written in Python, uses a CLIF framework to run, and can effectively handle robust servers. It also runs at user level (requiring no ‘sudo,’ ‘su,’ or root permissions), which makes it particularly dangerous.
At the same time, CloudSEK said its security researchers believe Raven Storm requires multiple instances, such as botnets, to function properly.
In terms of how the attack is executed, Raven Storm requires a URL to be supplied to the attacker, who uses it to connect to the botnet. The attacker then runs the “server” command and defines a custom password for using the botnet, thereby preventing others from interfering.
For context, the ARP module uses several Nmap functions to scan for local devices, so this module requires the user to have Nmap pre-installed.
“The attack begins once the user enters the required code […] and the target host (IP address),” reads the advisory. “A request is sent to the target host to see if it is responsive; if it is, the attack is launched.”
To mitigate the impact of Raven Storm attacks, CloudSEK advised system administrators to deploy anti-DDoS protection on the server and to use IP geo-blocking in the event of an attack.
The security experts also advised organizations to patch vulnerable and exploitable endpoints, check for anomalies in user accounts, and monitor cybercrime forums for the latest tactics employed by threat actors.
Some parts of this report are sourced from:
www.infosecurity-journal.com