
RUBYCARP hackers linked to 10-year-old cryptomining botnet


Jasper_The_Rasper
Moderator

April 9, 2024 By Bill Toulas


Image: Midjourney

A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain.

According to a new report by Sysdig, RUBYCARP currently operates a botnet managed via private IRC channels comprising over 600 compromised servers.

Sysdig has found 39 variants of the RUBYCARP botnet's Perl-based payload (shellbot), with only eight appearing on VirusTotal, illustrating low detection rates for the activity.

"The Sysdig Threat Research Team (Sysdig TRT) recently discovered a long-running botnet operated by a Romanian threat actor group, which we are calling RUBYCARP," the researchers explain.

"Evidence suggests that this threat actor has been active for at least 10 years."

The researchers have noted some associations with the Outlaw APT threat group, though the link is loose and based on common tactics used across botnets.


>> Full Article <<
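The operationally useful point in the Sysdig findings summarised above is the low VirusTotal coverage: with only eight of 39 shellbot variants present, a hash- or signature-based check will miss most of them, so a host-level hunt has to look at behaviour instead. The script below is an added example, not code from the article or from Sysdig: it parses `ss -tnp` output on a Linux server and flags established connections to the standard IRC ports (6667 and 6697 are an assumption; the report as summarised here does not say which ports or servers RUBYCARP uses) plus any `perl` process holding an outbound connection at all. The `ss` output embedded in the script is constructed for the demonstration.

```python
"""Hunt for IRC-managed Perl shellbots on a Linux host from `ss -tnp` output.

Added example, not from the Sysdig report or the article. ASSUMPTIONS:
the bot keeps a plain TCP session to an IRC server on a registered IRC
port (6667 / 6697), and the payload runs under a process named `perl`.
Neither is stated in the report as summarised here, so treat hits as
leads to triage, not as confirmed indicators.
"""
import re
import subprocess
from dataclasses import dataclass

# IANA-registered IRC and IRC-over-TLS ports (assumption: the bot uses them).
IRC_PORTS = {6667, 6697}

# Constructed sample of `ss -tnp` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
ESTAB  0      0      10.0.0.5:43122       203.0.113.10:6667   users:(("perl",pid=4242,fd=3))
ESTAB  0      0      10.0.0.5:22          198.51.100.7:55010  users:(("sshd",pid=911,fd=4))
ESTAB  0      0      10.0.0.5:51004       203.0.113.44:443    users:(("perl",pid=4300,fd=5))
ESTAB  0      0      10.0.0.5:51010       203.0.113.45:6697   users:(("python3",pid=5001,fd=7))
"""

# One `ss -tnp` connection line: state, queues, local addr, peer addr:port, owning process.
LINE_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+?):(?P<port>\d+)\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)\)'
)


@dataclass(frozen=True)
class Finding:
    pid: int
    process: str
    peer: str
    port: int
    reason: str


def parse_ss(output: str):
    """Yield (state, process, pid, peer, port) for each connection line; header lines do not match."""
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["state"], m["proc"], int(m["pid"]), m["peer"], int(m["port"])


def hunt(output: str, irc_ports=IRC_PORTS):
    """Return findings in line order.

    Two heuristics, in decreasing confidence:
      1. any established connection whose peer port is an IRC port;
      2. any `perl` process with an established connection (noisy on hosts
         that legitimately run Perl network clients; review rather than alert).
    """
    findings = []
    for state, proc, pid, peer, port in parse_ss(output):
        if state != "ESTAB":
            continue
        if port in irc_ports:
            findings.append(Finding(pid, proc, peer, port, "established connection to an IRC port"))
        elif proc == "perl":
            findings.append(Finding(pid, proc, peer, port, "perl process with an outbound connection"))
    return findings


def hunt_live():
    """Run the hunt against the current host (requires iproute2's `ss`)."""
    out = subprocess.run(["ss", "-tnp"], capture_output=True, text=True, check=True).stdout
    return hunt(out)


if __name__ == "__main__":
    for f in hunt(SAMPLE_SS_OUTPUT):
        print(f"pid={f.pid} proc={f.process} peer={f.peer}:{f.port} reason={f.reason}")
```

Against the constructed sample the script flags the `perl` process talking to port 6667, the `perl` process talking to port 443 (lower confidence), and the `python3` process on 6697; the inbound `sshd` session is ignored. For a real fleet, run `hunt_live()` from a cron job or an EDR script and feed the findings into triage, and pair it with the process tree (`ps -o pid,ppid,cmd`) to see what spawned the interpreter, since an interactive shell or cron entry launching `perl` with a `-e` payload is the usual tell for this family of bots.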