Momentum: Researchers have discovered new activity from the Momentum botnet including not only the spread of the botnet, but also DDoS activity from affected devices. Momentum has been targeting IoT devices running Linux operating systems which are known to be susceptible to attacks involving botnets, ransomware, and crypto-miners. One of the main purposes of the Momentum botnet is to open backdoors and accept commands from command and control (C2) servers for DDoS attacks. Momentum has been seen distributing Mirai, Kaiten, and Bashlite backdoors, although in this specific wave only Mirai has been seen being distributed. After infecting a targeted device, Momentum achieves persistence by modifying the “rc” files before joining the C2 server and connecting to an internet relay chat (IRC) channel called #HellRoom. The IRC channel #HellRoom is where infected devices are given commands from the botnet operators.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in