KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
The botnet, dubbed KashmirBlack, uses a modular infrastructure that includes features such as load balancing communications with command-and-control servers and storing files on cloud storage services, such as Dropbox and GitHub, to speed access to any new code updates for the systems infected with the software. The KashmirBlack botnet mainly infects popular CMS platforms, exploiting dozens of known vulnerabilities on targeted servers and performing millions of attacks per day on average, according to a pair of reports published by Imperva researchers today.
Source: Botnet Infects Hundreds of Thousands of Websites
CyberHub Podcast – Practitioner Brief 10-26-20 Emotet upgrades, Kashmirblack & ransomware surge
https://www.youtube.com/watch?v=2td9wQ4LleY&ab_channel=TheCyberHubPodcast
October 27th, 2020 12:00 pm
KashmirBlack, a new botnet in the threat landscape that rapidly grows
https://securityaffairs.co/wordpress/110014/cyber-crime/kashmirblack-botnet.html