MCCrash: Cross-platform DDoS botnet targets private Minecraft servers

Microsoft researchers have detected a hybrid cross-platform botnet, MCCrash (tracked as DEV-1028), designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. The botnet infects Windows machines and devices running various Linux distributions, then uses them to carry out DDoS attacks.

According to Microsoft, the botnet originates from malware downloads on Windows devices and can also propagate to Linux-based devices. The botnet spreads by “enumerating default credentials on internet-exposed Secure Shell (SSH) enabled devices.”

Even if the malware is removed from the Windows host where the infection began, it can persist on the other Internet of Things (IoT) or Linux-based hosts it has already spread to.

Microsoft is formally tracking this botnet activity as DEV-1028.

While the Microsoft researchers’ analysis concludes that the botnet is primarily focused on DDoS attacks against private Minecraft servers, the same infrastructure could be aimed at other targets.

The researchers also found that, over a three-month observation period, most of the infected devices were located in Russia.

Distribution of infected devices of DEV-1028 botnet, which over a three-month period largely originate within Russia. (Source: Microsoft)

Microsoft urges users to keep their operating systems up to date and to review network security controls around IoT devices, which this botnet targets, since it spreads through internet-exposed SSH services that still accept default credentials.
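The propagation method described above (enumerating default credentials on internet-exposed SSH) and the control review Microsoft urges here both come down to two checks a defender can automate: spot a single source cycling through default account names against sshd, and confirm sshd is not accepting passwords or root logins at all. The following is an added example written for this article, not code from Microsoft or from the MCCrash analysis. The log lines, the `sshd_config` fragment, the default-account list and the `2022` year prepended to syslog timestamps are all constructed assumptions; adjust the account list and thresholds to your own fleet.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed OpenSSH auth-log sample (not captured traffic). One source
# sprays default account names and then gets in as "pi"; another is a
# normal user who fat-fingers a password and then logs in with a key.
SAMPLE_AUTH_LOG = """\
Dec 15 10:01:02 iot-gw sshd[2201]: Failed password for root from 203.0.113.7 port 51522 ssh2
Dec 15 10:01:03 iot-gw sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51524 ssh2
Dec 15 10:01:04 iot-gw sshd[2205]: Failed password for invalid user pi from 203.0.113.7 port 51526 ssh2
Dec 15 10:01:05 iot-gw sshd[2207]: Failed password for invalid user ubnt from 203.0.113.7 port 51528 ssh2
Dec 15 10:01:06 iot-gw sshd[2209]: Accepted password for pi from 203.0.113.7 port 51530 ssh2
Dec 15 10:05:40 iot-gw sshd[2301]: Failed password for alice from 198.51.100.20 port 40010 ssh2
Dec 15 10:05:45 iot-gw sshd[2302]: Accepted publickey for alice from 198.51.100.20 port 40012 ssh2
"""

# Matches the "Failed/Accepted <method> for [invalid user] <user> from <ip>" lines sshd emits.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Assumed list of vendor/default account names worth flagging; extend per fleet.
DEFAULT_ACCOUNTS = {"root", "admin", "pi", "ubnt", "user", "default", "support"}


def parse_auth_log(text, year=2022):
    """Return a list of auth events. Syslog timestamps carry no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd lines (disconnects, banners) are ignored
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m.group("result"),
                       "method": m.group("method"), "user": m.group("user"),
                       "src": m.group("src")})
    return events


def find_credential_enumeration(events, min_users=3, window_seconds=60):
    """Flag sources that fail logins for >= min_users distinct accounts within one window.

    A brute force against one account looks different from a default-credential
    sweep, which rotates usernames quickly; distinct users per window captures the latter.
    """
    failures = defaultdict(list)
    password_logins = defaultdict(set)
    for ev in events:
        if ev["result"] == "Failed":
            failures[ev["src"]].append((ev["ts"], ev["user"]))
        elif ev["method"] == "password":  # a key-based login is not a credential guess
            password_logins[ev["src"]].add(ev["user"])

    findings = {}
    for src, attempts in failures.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):  # window anchored at each failure
            users = {u for t, u in attempts[i:] if (t - start).total_seconds() <= window_seconds}
            if len(users) >= min_users:
                findings[src] = {
                    "users": sorted(users),
                    "default_accounts": sorted(users & DEFAULT_ACCOUNTS),
                    # password logins from the same source: the sweep may have succeeded
                    "password_logins": sorted(password_logins[src]),
                }
                break
    return findings


# Constructed sshd_config fragment (not from any real device).
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
"""

# directive (lowercased) -> (wanted value, OpenSSH default when the directive is absent)
EXPECTED = {
    "permitrootlogin": ("no", "prohibit-password"),
    "passwordauthentication": ("no", "yes"),
}


def audit_sshd_config(text):
    """Report directives whose effective value still allows password or root logins.

    Simplification: global scope only (Match blocks are not modelled); sshd keeps the
    first occurrence of a directive, which is mirrored with setdefault.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            effective.setdefault(parts[0].lower(), parts[1].strip().lower())
    findings = []
    for key, (wanted, default) in EXPECTED.items():
        value = effective.get(key, default)
        if value != wanted:
            findings.append(f"{key}={value} (want {wanted})")
    return findings


if __name__ == "__main__":
    for src, info in find_credential_enumeration(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(f"{src}: swept {info['users']}, password logins {info['password_logins']}")
    for finding in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print("sshd_config:", finding)
```

On the constructed sample the detector flags 203.0.113.7 for sweeping root, admin, pi and ubnt and notes the later password login as pi, while 198.51.100.20 is ignored; the config audit reports both PermitRootLogin and PasswordAuthentication as still permissive, the second because the hardening line is commented out and the OpenSSH default applies.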

Microsoft is also sharing the affected Minecraft server version information so that owners of private servers can update and ensure they are protected from this threat.

DDoS attacks are nothing new and remain a popular way to cause disruption. Although the goal is only to deny the availability of a resource or service rather than to steal or alter data, that loss of availability can still disrupt operations.

Earlier this year, threat actors carried out DDoS attacks against the websites of many major US airports. The actors identified in that case were also Russian, although there appears to be no connection to this incident.
