April 25, 2024 By Bill Toulas
Researchers have sinkholed a command and control server for a variant of the PlugX malware and, over six months, observed more than 2.5 million connections from unique IP addresses.
Since last September, the sinkhole server received over 90,000 requests every day from infected hosts in more than 170 countries.
Since September 2023, when Sekoia took control of the unique IP address associated with this particular C2, it has logged over 2,495,297 unique IPs from 170 countries interacting with its sinkhole.
This action enabled the security firm to analyze traffic, map infections, prevent malicious exploitation of clients, and devise effective disinfection plans.