The Black Lotus Labs team at Lumen has discovered KadNap, a sophisticated malware targeting Asus routers and conscripting them into a botnet used for proxying malicious traffic. KadNap utilizes a custom Kademlia DHT protocol to conceal its infrastructure and evade detection, making disruption difficult. The botnet, with over 14,000 infected devices, is marketed through a proxy service called "Doppelganger", linked to the previously known Faceless service. A significant portion of the victims (60%) are located in the United States. Lumen has proactively blocked traffic to KadNap’s control infrastructure and is sharing indicators of compromise.
Exploring the unified XDR and SIEM capabilities of Wazuh, a free, open-source security platform that provides robust endpoint and cloud workload protection, threat intelligence, and response, and more. Discusses the platform's features, integration, and scalability.
