Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
Briefly

Cybersecurity researchers are warning about the growing prevalence of the XorDDoS malware, which has focused on the United States: 71.3% of attacks observed between November 2023 and February 2025 targeted US systems. Cisco Talos analyst Joey Chen highlights the malware's evolution, noting that it not only commonly strikes Linux machines but has also expanded to Docker servers. The trojan gains entry by brute-forcing SSH credentials and then establishes persistence through scripts it drops on the host. A new "VIP" version of XorDDoS is also being distributed, which suggests the malware is being sold commercially within cybercriminal networks.
Between 2020 and 2023, XorDDoS prevalence rose sharply, driven both by the trojan's wider global distribution and by an uptick in malicious DNS requests tied to its command-and-control infrastructure.
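The summary names SSH brute-forcing as the entry vector. As an added illustration of how a defender can spot that activity in host logs (this is example code written for this page, not code from the Talos report or The Hacker News article), the Python below parses sshd entries from a syslog-format auth log, counts failed logins per source address, and flags a password-based success that follows a run of failures from the same address, which is the pattern a brute-force compromise leaves behind. The sample log lines are constructed for the example, the threshold of five failures is an arbitrary choice, and only password-authenticated successes are treated as suspect, on the assumption that key-based logins cannot be brute-forced this way.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines in syslog format (not from the article).
# 203.0.113.7 fails five times and then logs in as root with a password;
# 198.51.100.4 fails once and then logs in with a key; 192.0.2.9 fails once.
SAMPLE_AUTH_LOG = """\
Apr 17 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Apr 17 10:01:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Apr 17 10:01:04 host sshd[1205]: Failed password for invalid user admin from 203.0.113.7 port 51026 ssh2
Apr 17 10:01:05 host sshd[1207]: Failed password for root from 203.0.113.7 port 51028 ssh2
Apr 17 10:01:06 host sshd[1209]: Failed password for root from 203.0.113.7 port 51030 ssh2
Apr 17 10:01:09 host sshd[1211]: Accepted password for root from 203.0.113.7 port 51032 ssh2
Apr 17 10:05:00 host sshd[1300]: Failed password for alice from 198.51.100.4 port 40012 ssh2
Apr 17 10:05:07 host sshd[1302]: Accepted publickey for alice from 198.51.100.4 port 40014 ssh2
Apr 17 10:07:00 host sshd[1310]: Failed password for root from 192.0.2.9 port 33001 ssh2
"""

# Matches both "Failed password for invalid user admin from ..." and
# "Accepted publickey for alice from ..."; the optional "invalid user" prefix
# is what sshd emits for usernames that do not exist on the host.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def analyze_sshd_log(text, threshold=5):
    """Return per-source failure counts, sources at or above the threshold,
    and (ip, user) pairs where a password login succeeded after that many
    failures from the same source. Lines are processed in order, so only
    failures *before* the success count toward the compromise signal."""
    failed = defaultdict(int)
    likely_compromises = []
    for line in text.splitlines():
        m = SSHD_RE.search(line)
        if not m:
            continue  # not an auth result line; ignore
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failed[ip] += 1
        elif m["method"] == "password" and failed.get(ip, 0) >= threshold:
            # A password success right after a burst of failures is the
            # classic brute-force-then-login signature.
            likely_compromises.append((ip, user))
    return {
        "failed_counts": dict(failed),
        "brute_force_sources": sorted(ip for ip, n in failed.items() if n >= threshold),
        "likely_compromises": likely_compromises,
    }


if __name__ == "__main__":
    result = analyze_sshd_log(SAMPLE_AUTH_LOG)
    for ip in result["brute_force_sources"]:
        print(f"brute-force source: {ip} ({result['failed_counts'][ip]} failures)")
    for ip, user in result["likely_compromises"]:
        print(f"likely compromise: {user}@{ip} via password after brute force")
```

Run against a real `/var/log/auth.log` (or `journalctl -u ssh` output), the same parser works unchanged; a flagged `likely_compromises` entry is the point at which to look for the persistence scripts the summary mentions. Disabling password authentication in `sshd_config` (`PasswordAuthentication no`) removes this entry vector entirely.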
Read at The Hacker News