Russian Botnet Attack: Over 1 Million Devices Infected

Recently, Google had made a startling discovery about a major Russian-backed hacking operation called Glupteba botnet.

The tech giant has claimed that the sophisticated botnet operation infiltrated more than 1 million Windows systems globally. Moreover, the Glupteba botnet is perpetuating at the rate of thousands of new devices daily.

The Russian Botnet Attack Explained

Google stated that the Russian nationals Dmitry Starovikov and Alexander Filippov, the two main operators of the Glupteba botnet, exploited the botnet network for various illicit purposes. They have allegedly created Gmail and Google Workspace accounts to operate the criminal enterprise.

The notorious actors deceived the Windows users into downloading malware through a third-party ‘free download’ site. Once the device gets infected, the botnet pilfers user credentials and data, mines cryptocurrency, and places proxies to siphon other users’ internet traffic via infected devices.

Also Read: BitMart Falls Victim to a Crypto Heist, Loses USD 200 Million in Tokens!

The tech giant described the botnet attack as a “modern, borderless technological embodiment of organized crime.” It also noted that the Glupteba botnet is technically sophisticated as it utilizes blockchain technology to protect itself from disruption.

“The Glupteba botnet attack does not rely solely on predetermined (web) domains to ensure its survival,” mentioned the tech firm.

“Instead, when the botnet’s C2 server is interrupted, Glupteba malware is hard-coded to ‘search’ the public Bitcoin blockchain for transactions involving three specific Bitcoin addresses that are controlled by the Glupteba Enterprise. Thus, the Glupteba botnet cannot be eradicated entirely without neutralizing its blockchain-based infrastructure.”

“At any moment, the power of the Glupteba botnet could be used in a powerful ransomware attack or distributed denial of service attack,” added Google.

According to the internet giant, the malicious operators allegedly created Gmail and Google Workspace accounts to distribute malware and attack victims in the US, Brazil, India, Vietnam, and Southeast Asia.

Fortunately, Google was able to disrupt the botnet’s key command and control (C2) infrastructure. It terminated around 63 million Google Docs detected sharing Glupteba, over 1,100 Google Accounts, and even 870 Google Ads.

Now, the Russian operators no longer have control of the botnet attack. However, the search engine giant has warned that hackers could regain control as the botnet uses blockchain technology as a resiliency mechanism.

“The Glupteba botnets can recover more quickly from disruptions, making them that much harder to shut down. We are working closely with industry and government as we combat this type of behavior,” Google said.

“The operators of Glupteba are likely to attempt to regain control of the botnet using a backup command and control mechanism,” warned Shane Huntley and Luca Nagy from Google’s threat analysis group.

Also Read: 86% of Compromised Google Cloud Accounts Leveraged for Crypto Mining!

The IT giant went ahead and filed a lawsuit against the Russian operators in the US District Court for the Southern District of New York. The company demanded an injunction to permanently ban Starovikov and Filippov from using Google services.

This is the first time Google filed a lawsuit against a botnet operation. The move comes hot on the heels of Microsoft’s control of malicious websites leveraged by China-backed hackers to cripple government and human rights organizations in the US and 28 other nations.

Large tech companies like Google and Microsoft are firing on all cylinders to stave off cybercrime. However, cybersecurity experts have their own qualms.

“It is rare that those behind such operations are ever caught, so it is often best to fight such activities with preventative measures,” said Jake Moore, a cybersecurity expert at ESET.

Also Read: Panasonic Suffers Data Breach; Remains Undetected for Ages

Prevention is better than cure, even in the cyberworld

cybersecurity prevention

Cyber hygiene is one of the most critical tools to prevent cyberattacks. Default or weak passwords and outdated software are the key attack vectors for most data breaches. Simple cyber hygiene practices go a long way in fighting cybercrime.

Organizations must educate and encourage their employees, clients, and shareholders to have strong, unique passwords as well as robust software update programs. They must emphasize the need to have antivirus software and regular scans. Also, enlighten the employees to never download anything and everything that is free. Partnering with a managed security services provider like StealthLabs is the last piece of the puzzle in your fight against cybercriminals.

StealthLabs offers a suite of IT security services to help organizations manage and secure all networks and endpoints from cyberattacks. With over decade-long domain expertise, we have been catering to the security needs of Fortune 500 companies. Our security experts can assess your cybersecurity posture and develop remediation plans to fix the identified security vulnerabilities. Reach out to us today to imbibe preventive measures across your organization, for a stitch in time saves nine.

Contact Us

More Articles: