News & Insights

Topic: Bots

Beyond the SISSDEN event horizon

October 1, 2019
Between May 2016 and April 2019, The Shadowserver Foundation participated in the SISSDEN EU Horizon 2020 project. The main goal of the project was to improve the cybersecurity posture of EU entities and end users through the development of situational awareness and sharing of actionable information. It exceeded KPIs, with 257 sensors in 59 countries, using 974 IP addresses across 119 ASNs and 383 unique /24 (Class C) networks, and collected 31TB of threat data. This blog post provides detail on Shadowserver's role in SISSDEN, including a 3 minute explainer video.

Goznym Indictments - action following on from successful Avalanche Operations

May 16, 2019
The US DoJ, FBI and international LE partners announce multiple indictments against the alleged operators and customers of the Goznym malware, controlled via the Avalanche platform. Sinkhole data continues to be available from The Shadowserver Foundation, as part of ongoing sinkholing over over 20 Avalanche malware strains.

Mirai Botnet #14: 1 Million German customers disrupted, Liberia taken off line and now the culprit has been convicted

January 12, 2019
The huge Mirai Botnet #14 IoT botnet attacks were successfully stopped and sinkholed by the German BKA and The Shadowserver Foundation, and the actor behind them was identified, arrested and prosecuted in both Germany (with the BKA) and the UK (with the NCA). Sentencing details were made public in the UK today.

Avalanche 1,2,3…

December 2, 2018
Year 3 of our ongoing Avalanche operations with international law enforcement continue to provide protection for over 2 million unique IP addresses per day against 20+ different strains of malware, including the Andromeda dropper from year two. This has required an unprecedented blocking/seizing of over 2.4 million malicious domain names to date. Sinkhole data continues to be available to subscribers via our free daily network reports.

3ve Takedown / Operation Eversion

November 27, 2018
Operation Eversion was the takedown of the highly sophisticated Boaxxe/Kovter botnet based "3ve" (pronounced "Eve") ad fraud network by the DoJ/FBI, Google, WhiteOps and other industry partners. Sinkhole data is available from Shadowserver.

VPNFilter - FBI Sinkholing

May 23, 2018
VPNFilter is a multi-stage modular malware platform designed to infect small office and home office (SOHO) routers and other network devices, believed to be connected to APT28. It was sinkholed under court order by the FBI, with infected device data being made available via Shadowserver's free daily network reports.