


Google announced this morning that it has disrupted the command and control infrastructure of Glupteba, a Russia-based, blockchain-backed botnet used to target Windows machines.

In a blog post on Tuesday, Google Vice President of Security Royal Hansen and General Counsel Halimah DeLaine Prado wrote that the company had tracked Glupteba for several months before its Threat Analysis Group took technical and legal action against the group.

Google has filed a lawsuit against the operators of the blockchain-enabled botnet in the hope that it will “hold botnet operators legally responsible and help prevent future activity.”

“After a thorough investigation, we determined that the Glupteba botnet currently involves approximately 1 million compromised Windows devices worldwide, at times growing at a rate of thousands of new devices per day,” the two wrote.

“Glupteba is notorious for stealing users’ credentials and data, mining cryptocurrencies on infected hosts, and setting up proxies that funnel other people’s Internet traffic through infected machines and routers.”

Although Google was able to disrupt much of Glupteba’s command and control infrastructure, the pair cautioned that the group’s “sophisticated architecture and the recent actions that its organizers have taken to maintain the botnet, scale its operations, and conduct widespread criminal activity” could make the disruption temporary.

Google believes the legal action will make it harder for the group to take advantage of further devices. The complaint notes the involvement of other, unnamed actors and names Dmitry Starovikov and Alexander Filippov.

The complaint was filed in the Southern District of New York. Starovikov and Filippov are being sued under computer crime laws, for trademark infringement, and more. Google has also moved for a temporary injunction in an attempt to “hold the operators legally liable.”

But Google was also candid about the fact that the group’s use of blockchain technology has made the botnet more resilient. The company also noted that more cybercriminal organizations are turning to blockchain technology, because its decentralized nature lets a botnet recover more quickly from a takedown.

Shane Huntley and Luca Nagy of Google’s Threat Analysis Group (TAG) explained in a blog post that Glupteba “is delivered primarily through pay-per-install (PPI) networks and through traffic purchased from traffic distribution systems (TDS).”

Google’s TAG and other teams at the company have taken down approximately 63 million Google Docs observed distributing Glupteba, along with 1,183 Google accounts, 908 cloud projects, and 870 Google Ads accounts tied to its distribution. According to Huntley and Nagy, Google Safe Browsing warnings alerted about 3.5 million users before they downloaded malicious files.

As part of the investigation, Google used Chainalysis products and its investigative services to help understand the botnet.

Erin Plante, senior director of investigative services at Chainalysis, told ZDNet that the botnet has two major links to cryptocurrency: cryptojacking, and a previously unseen tactic used to evade takedowns.

She added that the investigation uncovered cryptocurrency transactions tied to Federation Tower East, a luxury office building in Moscow where many cryptocurrency businesses known for laundering criminal funds are headquartered.

Plante explained that Glupteba’s operators used the compromised machines for several criminal schemes, including using their computing power to mine cryptocurrency.

According to Plante, Glupteba used the Bitcoin blockchain to encode updated command and control (C2) server addresses in the OP_RETURN field of Bitcoin transactions. Whenever one of Glupteba’s C2 servers was shut down, infected machines could scan the blockchain to find the new C2 domain, which was hidden among the hundreds of thousands of Bitcoin transactions made every day around the world.
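As an added illustration of the kind of check a defender can run over transactions of interest (this is not code from the article, from Google, or from Chainalysis), the Python below parses the outputs of a legacy Bitcoin transaction, pulls out any OP_RETURN payload, and flags payloads shaped like a hostname. The sample transaction bytes and the plain-ASCII domain encoding are constructed assumptions; the article does not say how Glupteba encodes the data.

```python
import re
DOMAIN_RE = re.compile(rb"^(?:[a-z0-9-]{1,63}\.)+[a-z]{2,}$", re.I)   # hostname shape, ASCII only

def read_varint(buf: bytes, pos: int):
    # Bitcoin CompactSize integer: one byte, or a 0xfd/0xfe/0xff prefix followed by 2/4/8 little-endian bytes
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def tx_outputs(raw: bytes):
    # Walk a legacy (non-segwit) serialized transaction and return (value_in_satoshi, scriptPubKey) per output
    pos = 4                                          # skip the version field
    n_in, pos = read_varint(raw, pos)
    for _ in range(n_in):
        slen, pos = read_varint(raw, pos + 36)       # skip prev txid (32) + output index (4), read scriptSig length
        pos += slen + 4                              # skip scriptSig and sequence
    n_out, pos = read_varint(raw, pos)
    outs = []
    for _ in range(n_out):
        value = int.from_bytes(raw[pos:pos + 8], "little")
        slen, pos = read_varint(raw, pos + 8)
        outs.append((value, raw[pos:pos + slen]))
        pos += slen
    return outs

def op_return_payload(script: bytes):
    # Bytes pushed right after OP_RETURN (0x6a); None for any other script type
    if len(script) < 2 or script[0] != 0x6A:
        return None
    op = script[1]
    if 1 <= op <= 75:                                # direct push: the opcode itself is the length
        return script[2:2 + op]
    return script[3:3 + script[2]] if op == 0x4C else None   # OP_PUSHDATA1; larger pushes are ignored here

def domain_like_payloads(raw: bytes):
    # Assumes the payload is plain ASCII; an operator could obfuscate it, so a miss means "unknown", not "clean"
    hits = []
    for _, script in tx_outputs(raw):
        data = op_return_payload(script)
        if data and DOMAIN_RE.match(data):
            hits.append(data.decode("ascii"))
    return hits
# Constructed sample (not a real chain transaction): one dummy input, a 0-value OP_RETURN output carrying
# the placeholder domain "c2.example.net", and an ordinary 10000-satoshi P2PKH output; locktime 0.
SAMPLE_TX = (bytes.fromhex("01000000") + b"\x01" + bytes(32) + b"\xff" * 4 + b"\x00" + b"\xff" * 4
             + b"\x02" + bytes(8) + b"\x10\x6a\x0e" + b"c2.example.net"
             + (10000).to_bytes(8, "little") + b"\x19\x76\xa9\x14" + b"\x11" * 20 + b"\x88\xac" + bytes(4))
```

Running `domain_like_payloads(SAMPLE_TX)` returns `['c2.example.net']`; on real data the same loop would be fed raw transactions from a node or block explorer export.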

Plante said this was the first known case of a botnet using this approach. “This case shows that the cybersecurity team of virtually every company that could be a target for cybercriminals needs to understand cryptocurrencies and blockchain analytics in order to stay ahead of them.”

