Unveiling the Zergeca Botnet: A New Cybersecurity Threat
Cybersecurity researchers have recently discovered a new botnet named Zergeca, which is making waves in the digital world due to its ability to conduct powerful distributed denial-of-service (DDoS) attacks. Written in the Golang programming language, Zergeca is not your typical botnet; it boasts a range of advanced capabilities that pose significant threats.
Advanced Features of the Zergeca Botnet
The Zergeca botnet derives its name from a string called “ootheca” found in its command-and-control (C2) servers, such as ootheca.pw and ootheca.top. According to the QiAnXin XLab team, Zergeca goes beyond standard DDoS functions. It supports six different attack methods and has features for proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information.
One of the notable aspects of Zergeca is its use of DNS-over-HTTPS (DoH) to resolve the domain names of its C2 servers. It also uses a lesser-known library called Smux for C2 communications, enhancing its stealth and efficiency.
Development and Evolution of Zergeca
Evidence suggests that Zergeca is still actively evolving, with its developers frequently updating it to support new commands. The C2 IP address 84.54.51[.]82, previously linked to the distribution of the notorious Mirai botnet in September 2023, has now been repurposed for Zergeca. This indicates that the creators of Zergeca may have honed their skills by operating Mirai botnets before launching this new threat.
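The two network-visible traits described above (DoH used for C2 name resolution, and the reported C2 address) suggest a simple detection pass over endpoint network logs. The following is an added example, not code from the article or from XLab; the log format, host names and process names are constructed, and the DoH resolver hostnames are well-known public endpoints rather than anything taken from the report.

```python
"""Added example: flag DoH egress from non-browser processes and contacts to the
reported C2 address in endpoint network logs. The log format is constructed."""
import re

# Well-known public DoH resolver hostnames. Browsers may use them legitimately;
# a daemon on a server normally has no reason to.
DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com", "dns.quad9.net"}
DOH_PATHS = ("/dns-query", "/resolve")
# C2 address reported in the write-up, kept defanged and normalised on use.
KNOWN_C2 = {"84.54.51[.]82"}

# Constructed format: "<ts> <host> <process> -> <dst_ip>:<port> sni=<name> path=<path>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<proc>\S+) -> (?P<dst>\S+):(?P<port>\d+) "
    r"sni=(?P<sni>\S*) path=(?P<path>\S*)$"
)


def defang(ioc: str) -> str:
    """Return an indicator in plain form, e.g. '84.54.51[.]82' -> '84.54.51.82'."""
    return ioc.replace("[.]", ".")


def analyse(lines, browser_procs=("firefox", "chrome", "msedge")):
    """Return (src_host, reason, detail) tuples for C2 contacts and suspicious DoH use."""
    c2_plain = {defang(ip) for ip in KNOWN_C2}
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        r = m.groupdict()
        if r["dst"] in c2_plain:
            findings.append((r["src"], "known_c2_contact", r["dst"]))
        # DoH hides the lookup from passive DNS monitoring, so detect the DoH channel
        # itself: TLS to a DoH resolver on a DoH path from a process that is not a browser.
        if r["sni"] in DOH_HOSTS and r["path"].startswith(DOH_PATHS) and r["proc"] not in browser_procs:
            findings.append((r["src"], "doh_from_non_browser", f'{r["proc"]} -> {r["sni"]}'))
    return findings


# Constructed sample: a benign browser DoH lookup, a daemon DoH lookup, a C2 contact, normal SSH.
SAMPLE_LOG = [
    "2024-06-10T12:00:01Z web01 firefox -> 1.1.1.1:443 sni=cloudflare-dns.com path=/dns-query",
    "2024-06-10T12:00:02Z web01 svcd -> 8.8.8.8:443 sni=dns.google path=/dns-query",
    "2024-06-10T12:00:03Z web01 svcd -> 84.54.51.82:443 sni= path=",
    "2024-06-10T12:00:04Z web01 sshd -> 10.0.0.5:22 sni= path=",
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Allow-listing browsers by process name is a coarse heuristic; on a server fleet where no process should speak DoH, an empty `browser_procs` tuple flags every DoH connection.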
Zergeca’s Impact and Attack Methods
Between early and mid-June 2024, Zergeca launched several ACK flood DDoS attacks targeting Canada, Germany, and the United States. The botnet’s features are organized into four distinct modules: persistence, proxy, silivaccine, and zombie. These modules enable the botnet to establish persistence by adding a system service, implement proxying, eliminate competing malware, and gain control over devices with x86-64 CPU architecture.
The zombie module plays a crucial role by reporting sensitive information from compromised devices to the C2 server and awaiting commands. It supports various functions, including six types of DDoS attacks, scanning, and reverse shell operations.
The Growing Threat of Zergeca
As Zergeca continues to develop, it poses a growing threat to cybersecurity. The sophisticated capabilities of this botnet highlight the need for robust cybersecurity measures and vigilant monitoring to protect against such evolving threats.