New Jaku Botnet Already has 19,000 Zombies, Best for DDoS Attacks and Spam


Security researchers at Forcepoint, a world leader in empowering organisations to drive their business forward through transformative security technologies, claim that the latest botnet has gradually grown and developed to control more than 19,000 zombies across the world, mostly in Asian countries.

Forcepoint's 2016 Global Threat Report reveals that Jaku (Star Wars reference alert - Jaku) has claimed over 19,000 victims across 134 countries so far. The majority of victims are in countries like South Korea and Japan, which account for 73 percent of infections.

Forcepoint's Special Investigations (SI) team investigated for six months and revealed that "Jaku herds victims en masse and conducts highly targeted attacks on specific victims through the execution of concurrent operational campaigns". Forcepoint built on the Dark Hotel campaign research done previously by Kaspersky, and also engaged with Europol, Interpol, the UK National Crime Agency (NCA), and CERT-UK.

The group responsible for Jaku controls the botnet via various C&C (command-and-control) servers, the majority of which are situated in countries in the APAC region like Malaysia, Thailand and Singapore.

Softpedia.com reported on May 4th, 2016, that the Jaku group deployed three different C&C mechanisms to keep itself hidden, and also used complicated SQLite databases on the client side to store configuration files.

The Jaku botnet can be used not only for launching DDoS attacks and delivering spam, but also for deploying malware of various kinds. This second-stage delivery process relies on steganography, which the crooks use to hide their malicious code inside image files.

According to Forcepoint, infections normally take place through malware-laced files shared over BitTorrent. The group usually goes after high-value targets, but does not mind if other users are infected as well.

Organisations are experiencing more data breaches caused by both "accidental" and malicious insiders, and by differing security controls between businesses and cloud providers.

Forcepoint's researchers add that "the Jaku campaign has clear connections with the TTPs used by the threat actors discussed by Kaspersky in the Darkhotel investigations from November 2014". Dark Seoul, earlier known as the Darkhotel group, has recently been linked with North Korean hackers who are part of the Lazarus Group.

» SPAMfighter News - 5/12/2016
