Cybersecurity researchers have identified a new threat targeting the gaming community: a DDoS-as-a-Service botnet backed by Mirai malware. This botnet, discovered by the Sysdig Threat Research Team, operates under the domain “rebirthltd.com” and is financially motivated, leveraging Mirai malware to rent out hacked devices for orchestrating distributed denial-of-service (DDoS) attacks. These attacks flood targets with traffic, causing service disruptions or outages. The service, marketed via Telegram and online shops, predominantly targets gamers but also poses risks to corporate entities.
The botnet is part of a growing trend in cybercrime where threat actors sell DDoS tools as a subscription service. Mirai-derived botnets like RebirthLtd make it easy for hackers to extort businesses, harm individuals, and remain anonymous. The operators behind RebirthLtd include various hacking groups, some of which are linked to previous malware campaigns. For instance, the botnet’s infrastructure shows connections to domains associated with earlier malware variants like Rebirth/Vulcan, highlighting a continuous evolution of these threats.
Investigations into RebirthLtd reveal its roots in previous malware families, such as Gafgyt and QBot, and its use of malicious scripts to download and execute harmful payloads. This development underscores the persistent danger posed by the release of Mirai’s source code, which has fueled the proliferation of botnets. Vigilant vulnerability management and runtime threat detection are crucial to mitigating these evolving cybersecurity threats.