Feike Hacquebord
feikeh.bsky.social
Principal Threat Researcher at Trend Micro
One of my favorite pieces of evidence we were able to obtain was 7 videos with English text, which painstakingly explain how to set up a Beavertail C&C. The screen recording, lasting more than 1 hour, was created by someone logged in with a BlockNovas account from an IP address probably in Russia.
April 24, 2025 at 8:04 AM
Nsocks provides an alternative explanation: "Competitors have hired an organization that has blocked our back-connect servers and continues DDOS attacks." Nsocks now also mandates authentication for their SOCKS5 entrance nodes (which was not the case previously - security by obscurity)
November 26, 2024 at 1:01 PM
One week ago Lumen/Shadowserver sinkholed Water Barghest C&Cs. Nsocks (alleged seller of Ngioweb bots) apparently suffers from this: US proxies down to 4494 (was 14037), EU proxies down to 2038 (was 9092). I expected a faster recovery. Still expect Water Barghest will make their botnet more robust.
November 26, 2024 at 12:53 PM