Keksec Cybergang Debuts Simps Botnet for Gaming DDoS

The Uptycs threat research group warns of a new botnet called Simps. Its creation is attributed to the criminal group Keksec, which specializes in DDoS attacks. According to the researchers, the Gafgyt botnet has served as a kind of “base” for deploying the Simps malicious code.

The first infections began in April. Gafgyt (also known as Bashlite) is a Linux-based botnet first discovered in 2014. It targets vulnerable IoT devices such as Huawei routers, Realtek routers and ASUS devices, which it then uses to launch large-scale DDoS attacks. The malware has recently gained new functionality that uses exploits to compromise devices.

Based on links to Discord and Telegram chats, experts attribute the creation of Simps to the Keksec group (also known as Kek Security), a large threat group known for exploiting vulnerabilities to compromise multiple architectures using polymorphic tools (running on different platforms and operating systems).

In this regard, corporate users and network administrators are advised to:

  • Regularly monitor for suspicious processes, events and network traffic that appear when any untrusted or suspicious script is executed;
  • Be wary of external scripts;
  • Update systems and firmware of all network devices to the latest releases and versions.