Network Security, Patch/Configuration Management, Threat Intelligence

Over 35M devices subjected to widespread Matrix DDoS campaign


SiliconAngle reports that threat actor Matrix has compromised more than 35 million internet-connected devices around the world, most of which were in China and Japan, as part of a massive distributed denial-of-service attack campaign.

Although it relies primarily on the Mirai botnet to carry out its DDoS attacks, Matrix has also exploited known Apache HugeGraph and Arcadyan firmware flaws, as well as the SSH and Telnet administrative protocols, and has used Discord bots to enable encrypted DDoS command execution, according to a report from Aqua Security's Nautilus threat research team. Matrix has also sought to monetize the campaign through a Telegram-based store that offers other threat actors the capability to deploy Layer 4 or Layer 7 DDoS attacks. "Matrix's campaign highlights how basic security lapses can lead to widespread vulnerabilities. Addressing these gaps, such as misconfigured devices and unpatched systems, is essential to reducing exposure to such large-scale threats," said researchers, who urged organizations to restrict access to the administrative interfaces of IoT and enterprise systems and to implement network monitoring tools, among other measures, to prevent potential attacks.
