Cybersecurity researchers have uncovered new information about the Romanian threat actor Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks.
Diicot, also known as Mexals, was initially discovered in July 2021 and was linked to a cryptojacking campaign. Recent analysis shows that Diicot is now using an off-the-shelf botnet agent called Cayosin, indicating its capability for DDoS attacks.
The group also engages in activities such as doxxing and utilizes Discord for command-and-control and data exfiltration. Diicot’s tactics involve exploiting SSH servers with weak credentials and deploying additional malware.
To protect against these attacks, organizations are advised to implement SSH hardening and firewall rules.
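One way to check a server for the weak-credential exposure described above is to audit which password-based login paths its `sshd_config` leaves open. This is an added example, not code from the research described here; it assumes OpenSSH's documented defaults, does not follow `Include` directives, and the sample configuration is constructed.

```python
# Added example: flag sshd_config settings that leave SSH open to password guessing.
# DEFAULTS are OpenSSH's documented defaults (assumed); ALIASES maps a deprecated keyword.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "permitrootlogin": "prohibit-password"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return (global settings, Match-block overrides); sshd keeps the first value seen."""
    settings, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = value                            # everything below is conditional
        elif match is not None:
            overrides.append((match, key, value.lower()))
        else:
            settings.setdefault(key, value.lower())  # first occurrence wins
    return {**DEFAULTS, **settings}, overrides

def audit(config_text):
    """Return findings about password-based login paths."""
    cfg, overrides = effective_settings(config_text)
    findings = []
    if cfg["passwordauthentication"] == "yes":
        findings.append("PasswordAuthentication yes: weak passwords can be guessed")
    if cfg["kbdinteractiveauthentication"] == "yes":
        findings.append("KbdInteractiveAuthentication yes: PAM may still accept passwords")
    if cfg["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root may log in with a password")
    for cond, key, value in overrides:
        if key == "passwordauthentication" and value == "yes":
            findings.append(f"Match {cond}: re-enables password logins")
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
PermitRootLogin yes
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
```

On a live host, `sshd -T` prints the effective configuration as the daemon itself resolves it and is the authoritative source; `audit()` is useful for reviewing configuration files offline.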