A hacker group responsible for defacement attacks against Twitter and Baidu now appears to be amassing a mighty botnet, according to security researchers.
The "Iranian Cyber Army" rose to infamy late last year when its members compromised Twitter's DNS records to redirect visitors to a page announcing that the popular microblogging site had been hacked. A few weeks later, the same band of hackers launched a similar attack against Baidu, the leading Chinese search engine.
But now the Cyber Army appears to be shifting to more malicious activity than simple defacements, researchers at Seculert, a cyberthreat management startup, said in a blog post.
Last month, the European website of the TechCrunch blog was hacked to serve malware to visitors, and Seculert researchers now believe that the Cyber Army was responsible. After studying the crime server's components, researchers determined that the exploit kit being used is custom-built and unique to only one hacker group. In addition, the email address used on the server's administration panel matched the one used on the Twitter and Baidu defacement pages.
Since the Iranian group has morphed its operations to malware, its exploit has been installed on at least 400,000 machines, the post said, citing information from the crime server's statistics page. But that number may actually exceed 20 million.
"[W]hile tracking these numbers, our research team noticed that once in a while, the counter got reset, which means the actual number of infected machines should be much larger," the post said. "What really matters here is what the Iranian Cyber Army can do with such power."
Aviv Raff, CTO of Seculert, said he is not sure what the botnet's ultimate goal is.
"Currently, they are doing it for money," Raff told SCMagazineUS.com. "They lease part of the botnet to other cybercriminals, [who] then install other types of malware."
Raff said he finds the timing of the botnet's rise interesting, especially in light of reports that the Stuxnet worm has predominantly been invading control systems belonging to Iran. As a result, the Cyber Army may soon use the botnet as a means for revenge.
"Now, with the Stuxnet discovery, it's probably a matter of time until they'll use it as part of their hacktivism campaigns," Raff said.
See original article on scmagazineus.com
Iranian Cyber Arms shifts efforts toward malware, botnets
Twitter hackers building botnet.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Promoted Content
AI in cybersecurity: weapon or shield?
AI Copilot: Breaking Down Silos & Securing the Future
Unlock SMB Success with Microsoft Copilot
.png&h=140&w=231&c=1&s=0)
Partner Content
Machine identity a key priority for organisations’ security strategies: CyberArk
Sponsored Whitepapers
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
