Quote:A recently developed botnet named “Simps” has emerged from the cyber-underground to carry out distributed denial-of-service (DDoS) attacks on gaming targets and others, using internet of things (IoT) nodes. It’s part of the toolset used by the Keksec cybercrime group, researchers said.
According to the Uptycs’ threat research team, Simps was first seen in April being dropped on IoT devices by the Gafgyt botnet. Gafgyt (a.k.a. Bashlite) is a Linux-based botnet that was first uncovered in 2014. It targets vulnerable IoT devices like Huawei routers, Realtek routers and ASUS devices, which it then uses to launch large-scale DDoS attacks and download next-stage payloads to infected machines. It recently added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.
In the current campaign, Gafgyt infects Realtek (CVE-2014-8361) and Linksys endpoints, and then fetches Simps. Simps itself then uses Mirai and Gafgyt modules for DDoS functionality, according to the analysis, released on Wednesday.
Another variant of the attack uses shell scripts for downloading Simps.
Read more: Keksec Cybergang Debuts Simps Botnet for Gaming DDoS | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
