KadNap Botnet Hijacks 14,000 Devices to Create Unprecedented Cyber Weapon

Cyber criminals have covertly hijacked more than 14,000 devices globally to construct a never-before-seen cyber weapon, security experts have revealed. The sophisticated new malware, known as 'KadNap', is infecting devices to carry out attacks that are nearly impossible to defend against, according to a report from cybersecurity firm Lumen.

How the KadNap Botnet Operates

The majority of devices compromised by KadNap are Asus routers, which are being exploited to route malicious traffic for large-scale cyber assaults. A botnet is formed by breaching the security of internet-connected devices, such as routers or smart appliances, and linking them together to execute distributed denial-of-service (DDoS) attacks. These attacks overwhelm websites and online services with traffic, forcing them offline.

Decentralised Design Evades Detection

According to Lumen's report, KadNap uses a decentralised peer-to-peer system to avoid network detection, which makes it exceptionally resilient. Unlike traditional botnets, there is no central server that law enforcement can easily shut down. This design allows the malware to operate stealthily: for the average user, an infected device often shows only minor symptoms, such as slightly sluggish internet speeds.

"As modern society increasingly relies on internet-exposed Internet of Things (IoT) devices, the opportunities for malicious actors to exploit vulnerabilities continue to abound," the report stated. "Threat actors are building large-scale botnets specifically designed to hijack devices in this growing pool of targets, using them to route traffic and evade detection by network security systems."

Global Impact and Victim Locations

While the majority of KadNap victims are located in the United States, security researchers have identified infected devices in multiple countries, including:

  • The United Kingdom
  • Australia
  • Brazil
  • Russia
  • Various nations across Europe

This widespread distribution highlights the global threat posed by the botnet, with household routers being used to bypass conventional security filters. Since the traffic appears to originate from ordinary web browsing, it can slip past defenses undetected.

Malicious Uses and Persistent Risks

KadNap's bots are marketed through a service called Doppelganger, where users leverage these hijacked devices for a range of nefarious purposes. These include:

  1. Brute-force attacks
  2. Highly targeted exploitation campaigns
  3. Other malicious activities that threaten organizations and individuals

"Their intention is clear: avoid detection and make it difficult for defenders to protect against," Lumen's report concludes. "As a result, every IP address associated with this botnet represents a significant, persistent risk to organizations and individuals alike."

The emergence of KadNap underscores the escalating challenges in cybersecurity, as attackers innovate to exploit the expanding IoT landscape. With its decentralised architecture and use of common household devices, this botnet sets a new precedent for cyber threats that demand advanced defensive strategies.