Home Science & Technology Fodcha DDoS botnet re-emerges with new capabilities

Fodcha DDoS botnet re-emerges with new capabilities


Threat actor for Fodcha Researchers reveal that a distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities.

This includes changes to the communication protocol and the ability to demand cryptocurrency payments in exchange for stopping a DDoS attack against a target, Qihoo 360 Network Security Research Lab said in a report published last week.

Fodcha was born for the first time earlier this April, the malware spread through known vulnerabilities in Android and IoT devices, as well as weak Telnet or SSH passwords.

The cybersecurity company said Fodcha has evolved into a large-scale botnet with more than 60,000 active nodes and 40 control (C2) domains that can “easily generate more than 1 Tbps of traffic.”

Activity is said to have peaked on October 11, 2022, when the malware targeted 1,396 devices in a single day.

Countries targeted by the botnet since late June 2022 include China, the United States, Singapore, Japan, Russia, Germany, France, the United Kingdom, Canada, and the Netherlands.

Some of the known targets range from healthcare and law enforcement organizations to a well-known cloud service provider that was attacked with traffic exceeding 1 Tbps.


The evolution of Fodcha has also been accompanied by new hidden features that encrypt communication with the C2 server and insert redemption requirementsmaking him a more powerful threat.

“Fodcha reuses a lot of the Mirai attack code and supports a total of 17 attack methods,” the cybersecurity firm noted.

Cyber ​​security

The findings are new research from Lumen Black Lotus Labs noted growing abuse of lightweight connectionless directory access protocol (CLDAP) to increase the scale of DDoS attacks.

To this end, 12,142 open CLDAP reflectors were identified, most of which are distributed in the United States and Brazil, and to a lesser extent in Germany, India, and Mexico.

In one case, a CLDAP service associated with an unnamed regional retail business in North America was seen to direct “problematic traffic volumes” to a wide range of targets for more than nine months, radiating up to 7.8 Gbps of CLDAP traffic.

Previous articleLower humidity in urban areas mitigates heat stress outside
Next articlePerspective: Our People Priority | Transportation topics