Adrian Johnson
TLDR:
Key Points:
- Threat actors are using high-performance bots for large-scale automated attacks efficiently.
- Bondnet has been discovered using high-performance bots for C2 servers, configuring reverse RDP environments on stolen systems.
Cybersecurity researchers have found that Bondnet, a threat actor known for deploying backdoors and cryptocurrency miners, has been utilizing high-performance bots for their Command and Control (C2) servers. By configuring reverse RDP environments on fast stolen systems, Bondnet has been able to orchestrate sophisticated cyber operations largely autonomously. The threat actors have been using tools like Cloudflare tunneling client and HFS program to connect compromised targets with their C2 domain, indicating a shift towards exploiting high-speed compromised systems as part of their infrastructure. Although no data exfiltration or lateral movement was detected, the use of these high-performance bots raises concerns about the scale and efficiency of automated attacks being carried out by threat actors like Bondnet.
