Researchers successfully seized control of a command and control (C2) server linked to a variant of the PlugX malware, effectively halting its malicious operations. Over the span of six months, more than 2.5 million connections were logged from diverse IP addresses worldwide.
Beginning in September 2023, cybersecurity firm Sekoia took action upon identifying the unique IP address associated with the C2 server. Their efforts resulted in the logging of over 2.4 million unique IP addresses from 170 countries, allowing for comprehensive analysis of the malware’s spread and the development of effective countermeasures.
The acquisition of the C2 server’s IP address, at the cost of $7, was facilitated by Sekoia’s researchers. Following this, they gained shell access to the server and set up a mimicry of the original C2 server’s behavior. This enabled the capture of HTTP requests from infected hosts and provided insights into the malware’s activities.
The sinkhole operation revealed a daily influx of between 90,000 to 100,000 requests from infected systems, originating from various locations worldwide. Notably, certain countries accounted for a significant portion of the infections, with Nigeria, India, China, and the United States among the most affected.
Despite the challenges posed by the malware’s lack of unique identifiers and its ability to spre
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: