Ethan Foltz, 22, was arrested and charged in the District of Alaska with developing and administering the Rapper Bot DDoS-for-hire botnet, which has been active since at least 2021. Operators used brute-force campaigns in August and December 2022 to compromise devices with weak SSH and Telnet credentials. In 2023 the botnet expanded into cryptojacking for Intel x64 machines, initially deploying a separate Monero miner before merging it into the Rapper Bot binary. The botnet targeted DVRs and Wi‑Fi routers across more than 80 countries, impacted a US Department of Defense network and major tech firms including X, and conducted hundreds of thousands of attacks.
Campaigns in August 2022 and December 2022 focused on brute-forcing devices with weak or default SSH and Telnet credentials to expand the botnet's footprint for launching DDoS attacks. The following year, according to analysis from Fortinet, it started branching out into cryptojacking, specifically for Intel x64 machines. At first, the attackers deployed and executed a separate Monero cryptominer alongside the usual Rapper Bot binary, later combining both functionalities into a single bot.
According to authorities, Rapper Bot has been responsible for more than 370,000 attacks since April, targeting 18,000 unique victims. It used between 65,000 and 95,000 infected victim devices to regularly conduct DDoS attacks that amounted to between two and three terabits per second, with the largest attack believed to have topped six terabits per second. Even the smallest of these could cost the victim up to $10,000, according to the Department of Justice (DOJ).