Massive DDoS Campaign Targets 35M Devices Globally

Aqua Security Software Ltd. has disclosed a significant distributed denial-of-service (DDoS) campaign conducted by a threat actor named Matrix, targeting over 35 million devices worldwide. The campaign primarily focuses on vulnerable Internet of Things (IoT) and enterprise systems, utilizing botnets ranging from 350,000 to 1.7 million compromised devices.

Matrix's campaign is notable for its use of publicly available tools, illustrating how even less sophisticated attackers can execute large-scale operations. The Mirai botnet plays a central role, exploiting weak or default credentials to incorporate IoT devices into a network capable of widespread disruption. Additional methods include Python scripts and brute-force techniques targeting routers, IP cameras, and servers.

The campaign exploits known vulnerabilities, such as CVE-2024-27348 in Apache HugeGraph and CVE-2021-20090 in Arcadyan firmware, and extends to enterprise software like Hadoop. A unique aspect of Matrix's strategy is the use of Discord bots and a Telegram store for operational and financial transactions, allowing the sale of tailored DDoS attack plans.

Matrix categorizes its attack plans into tiers, facilitating the launch of both Layer 4 and Layer 7 attacks, with payments processed in cryptocurrency to maintain anonymity. The campaign predominantly targets IoT-heavy regions in the Asia-Pacific, particularly China and Japan, not for political motives, but due to the high prevalence of connected devices.

To mitigate risks from such attacks, Aqua Nautilus researchers recommend updating device firmware, disabling default credentials, and enhancing security measures on IoT and enterprise systems. They emphasize that addressing basic security lapses is crucial to reducing exposure to large-scale threats.
