A botnet of 130,000 devices is launching a Password-Spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts.

A new botnet-powered cyber attack is putting Microsoft 365 users at risk. Security researchers at SecurityScorecard have reported that over 130,000 compromised devices are being used to launch coordinated password-spraying attacks against Microsoft 365 accounts.

****What’s Happening?****

Instead of relying on the usual login mechanisms that trigger alerts through repeated failed attempts, the attackers are using non-interactive sign-ins for their campaigns. This method is normally meant for automated processes or background services and does not invoke the usual MFA checks. As a result, suspicious activities may go unnoticed by security monitoring systems that focus on standard user log-ins.

What’s more, attackers are making systematic attempts using stolen credentials from infostealer logs. Their approach targets a wide range of Microsoft 365 tenants, affecting organizations from financial services, healthcare, government, technology firms, and educational institutions.

****How the Attack Works****

*   **Non-Interactive Sign-Ins:** The attackers perform sign-in attempts that do not trigger immediate account lockouts or alerts. Since these log-ins are not interactive, they often escape the notice of standard monitoring tools.

*   **Basic Authentication Abuse:** By exploiting legacy Basic Authentication protocols, attackers send user credentials without encryption. This leaves accounts more exposed compared to modern authentication methods.

*   **Command and Control Coordination:** Evidence shows that attackers are coordinating their efforts through six command-and-control (C2) servers. These servers communicate with thousands of infected devices and are supported by proxy services from well-known cloud providers with ties to China. Analysis of the network traffic has revealed several open ports on these servers, which are likely used for tasks such as managing the botnet and sending instructions to the compromised devices.

According to SecurityScorecard’s report, this is concerning for organizations relying on Microsoft 365, as they face multiple risks. Unauthorized account access can expose sensitive emails, documents, and collaboration tools to attackers. Service disruptions may occur due to repeated login attempts, leading to account lockouts that interrupt daily operations.

Additionally, once in control, cybercriminals can misuse compromised accounts for phishing campaigns or move laterally within the organization, further escalating security threats. Because the attack exploits non-interactive sign-ins, teams that monitor just the usual interactive log-in events might miss these suspicious activities. Updating security monitoring to include non-interactive log events is an important step for organizations using Microsoft 365.

Security teams are encouraged to review sign-in logs carefully. Paying attention to non-interactive log entries and suspicious login attempts can help spot this kind of unwanted activity.

Organizations should audit background service accounts by identifying those using Basic Authentication and updating any exposed credentials found in non-interactive sign-in logs. It’s also crucial to review authentication methods and transition from legacy protocols to modern authentication practices that fully support MFA.

Additionally, monitoring for unusual traffic, such as abnormal login patterns or connections from IP addresses associated with command and control servers, can help detect and mitigate potential security threats.

With Microsoft planning to fully retire certain Basic Authentication protocols later this year, now is a good time for organizations to strengthen their protection against these kinds of covert attacks.

Jason Soroko, Senior Fellow at Sectigo, a Scottsdale, Arizona-based provider of comprehensive certificate lifecycle management (CLM), offers valuable insights into securing non-interactive logins in Microsoft 365.

“Non-interactive logins are widespread in Microsoft 365, driven by service accounts, automated tasks, and API integrations,” Soroko explains. “They often represent a significant portion of overall authentication events, as background processes routinely access resources without direct user input.”

Unlike interactive user authentication, Multi-Factor Authentication (MFA) isn’t typically applicable to non-interactive logins. “Instead, these automated logins should use alternative secure mechanisms such as certificates, or other forms of non-shared managed identities,” Soroko advises. “Organizations should better secure non-interactive access with conditional access policies, strict credential management, and continuous monitoring.”

Microsoft 365 offers configurations to restrict non-interactive logins. “Administrators can enforce stronger authentication via conditional access policies and block legacy protocols that facilitate these silent sign-ins,” Soroko notes. “However, such restrictions must be applied thoughtfully to avoid disrupting legitimate automated processes.”

Botnet of 130K Devices Targets Microsoft 365 in Password-Spraying Attack

Several government departments are investigating TP-Link routers over Chinese cyberattack fears, but the company denies links.

If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more. Please also consider subscribing to WIRED

TP-Link is one of the most popular router manufacturers in the US, but the company is facing a potential ban due to security concerns about its links to China. A December report from The Wall Street Journal revealed that the US Commerce, Defense, and Justice Departments are investigating TP-Link, though no evidence of deliberate wrongdoing has yet emerged.

“We are a US company,” Jeff Barney, president of TP-Link told WIRED, “We have no affiliation with TP-Link Tech, which focuses on mainland China, and we can prove our separateness.”

The investigation was sparked by a letter from John Moolenaar, a Republican for Michigan, and Raja Krishnamoorthi, a Democrat of Illinois. Both are on the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party. They outlined concerns that Chinese state-sponsored hackers may be able to compromise TP-Link’s routers more easily than other brands and thereby infiltrate US systems, and that TP-Link is subject to Chinese law, meaning it can be forced to hand over sensitive US information by Chinese intelligence officials.

Photograph: Simon Hill

TP-Link was founded in China in 1996 by two brothers, and TP-Link USA was established in 2008. It wasn’t until 2022 that the Chinese and US wings began to split. The process of moving the 170 subsidiaries and all the related ownership out of Hong Kong and into the United States was delayed by the pandemic, says Barney, but it was divested and restructured by 2024.

TP-Link now has headquarters in California and Singapore and manufactures in Vietnam. It researches, designs, develops, and manufactures everything except chipsets in-house, according to Barney. “Our entities in China are governed directly by us, our employees badged by us, secured by us, in our own facilities.” He also says TP-Link has shared documentation with investigators and that its factory in Vietnam was audited by US retail partners like Walmart, Best Buy, and Costco.

“Everybody has a Nexus in China,” Barney says. He claims that American rival Netgear uses Chinese ODMs (original device manufacturers) to build its products and that even Apple relies on manufacturing in China. Netgear says its routers are manufactured in Taiwan, Vietnam, and Thailand, not China.

**Competition Concerns**

The WSJ report suggests that TP-Link has a leading 64.9 percent share of the US router market, but TP-Link disputes this. The company claims its share hovered around 20 percent for the last few years, but jumped to a 36.5 percent unit share and a 30.7 percent dollar share in 2024. But even TP-Link’s lower estimate shows a company in the ascendancy. This dominance has been driven by aggressively low prices and a relatively early roll-out of Wi-Fi 7 routers, perceived by some as a concerted effort to flood the US market.

“Technology should not be exorbitant,” Barney says. “We're trying to democratize these products.”

However, the wide product range raises questions, with many wondering how TP-Link can profit from routers sold at such low prices compared to the competition. Former CNET reviewer Dong Ngo explores this point on the in-depth router review website, Dong Knows.

Concerns about the links between Chinese companies and its government are nothing new. The ban on Huawei’s networking equipment and US sanctions came after years of cybersecurity concerns and intellectual property lawsuits brought by US companies. The TikTok ban is not being enforced by President Donald Trump’s administration, but owner ByteDance is still under pressure to divest its US operations. These situations can be tricky for the average person to navigate because the lines between shoddy security, Chinese espionage, US protectionism, and the growing trade war are distinctly blurry and are not mutually exclusive.

It’s no secret that US competitor Netgear has been lobbying the US government on “cybersecurity and strategic competition with China.” Netgear has had a tough couple of years after adopting a premium pricing strategy that did not resonate with consumers. It has also been embroiled in litigation against TP-Link for patent infringement, resulting in TP-Link paying a $135 million settlement in September 2024.

**Are TP-Link Routers Secure?**

TP-Link has signed CISA’s “Secure by Design” pledge and is part of the Technical Exchange Group. It has a vulnerability disclosure program, where independent researchers and the security community can report potential issues to security@tp-link.com. It claims report response time was 8.4 days on average in 2023, with patches released in an average of 38.5 days. The company is also planning to launch a bug bounty program.

Barney claims TP-Link’s rate of vulnerabilities per product is significantly lower than many of its peers, including Netgear and Cisco, citing public data collected by Finite State, an independent US cybersecurity company, from CVE Details, VulDB, and CISA (Cybersecurity and Infrastructure Security Agency), but not everyone agrees.

“TP-Link does not have a great reputation for patching vulnerabilities or working with security researchers, which does raise alarm bells,” Pieter Arntz, malware intelligence researcher for Malwarebytes told WIRED via email.

Photograph: TP-Link; Data Source: U.S. Cybersecurity and Infrastructure Security Agency

TP-Link was criticized in a recent Microsoft report over a “password spraying” hack that mostly impacted its routers, and the report suggested Chinese “nation-state threat actor activity.” Barney says these were end-of-service products and that Asus and Netgear routers were also impacted.

Other incidents include a Check Point Research exposé of a malicious firmware implant for TP-Link routers, linked to a Chinese state-sponsored “advanced persistent threat” group dubbed “Camaro Dragon.” Cyfirma researchers also found TP-Link router vulnerabilities for sale on underground forums.

“It’s also a challenge because regardless of the home router vendor, there will always be vulnerabilities found,” Arntz says.

A part of the problem with older routers is that the onus is often on the user to download and install updates, and this is rarely automatic or as simple as clicking on “update,” which means many patches are never installed, creating vulnerable devices for any savvy cybercriminals or nation-states. Even months after TP-Link released patches for a vulnerability on its popular Archer AX21 router, hackers continue to scan for and exploit it on unpatched routers.

These security concerns are moot in the face of built-in backdoors. Backdoors can be pieces of code or even hardware added to the circuit board that enables remote parties to gain access and potentially control the device. There’s no evidence that TP-Link devices have backdoors, but, as Ngo points out, when you use an online account with your router, you are already giving the company access through the front door. Whether remote connectivity is justified by the need for automatic software updates, remote control access, or other features for users, it effectively gives the manufacturer access to your router.

**Should You Worry?**

Ultimately, the concern isn’t so much about the Chinese government or other malicious actors spying on your web browsing habits—though that is possible—it’s the idea they might employ your router as a part of a botnet to launch a cyberattack on a US government agency or major service provider.

The NSA has been concerned about Chinese hackers for some time now, and China's Salt Typhoon spies continue to infiltrate US internet service providers and telecommunications companies. Speaking on the _NatSec Tech_ podcast recently, former special assistant to the president and cybersecurity coordinator on the US National Security Council, Rob Joyce, likened TP-Link routers to a Trojan Horse and suggested China is pre-positioning for a potentially devastating attack on US infrastructure.

While some cybersecurity experts suggest a ban is imminent, Barney is confident that TP-Link routers won’t be banned. Investigations are ongoing. Even if the government doesn't find anything or decides against a ban, it won’t publicly clear TP-Link. It’s more likely the investigation will fade from the news.

Photograph: Simon Hill

For owners of a TP-Link router or anyone considering buying one, it all boils down to trust. We've tested and recommend several TP-Link routers and Deco mesh systems in our buying guides because they offer good value and great performance. But we continually update our guides and will monitor the situation before deciding whether we need to reconsider those recommendations.

There’s no easy fix because all the major router manufacturers have issues with vulnerabilities, and most of them require you to use an online account. You can go down the rabbit hole with router security, or seek out security-focused brands like Firewalla, but expect to pay more for your equipment in both time and money.

Even if you stick with what you have, there are steps you can take to be more secure online. We recommend using a VPN service and learning a little about router settings. Malwarebytes’ Arntz says the most secure router is the one on which you are comfortable changing the settings: credentials, firewall options, and especially installing updates.

Here’s his advice for home TP-Link router owners who are concerned:

*   First, update your login credentials. Ensure you have moved away from the default login credentials set by the router manufacturer (or internet provider). Make this password different from your Wi-Fi name and password. And remember, length equals strength when it comes to passwords.
*   Second, patch your device and set a reminder to check regularly for firmware updates.
*   Third, turn on the firewall and Wi-Fi encryption. You can find these settings by logging into your router from its app or website.
*   Finally, consider purchasing a new router from a different vendor with a less problematic history.

TP-Link also manufactures a wide range of smart home devices marketed under the Tapo brand, including everything from security cameras to water leak detectors. These are not part of the current investigation, which seems to be focused solely on routers. TP-Link says it has applied to the FCC’s Cyber Trust Mark program administered by UL Solutions, which ensures that internet-of-things devices are tested and labeled secure. Sadly, there is no such program for routers.

The US Is Considering a TP-Link Router Ban—Should You Worry?

Massive 1.17 TB data leak exposes billions of records from a Chinese IoT grow light company. Wi-Fi passwords,…

Massive 1.17 TB data leak exposes billions of records from a Chinese IoT grow light company. Wi-Fi passwords, IP addresses, and device IDs are among the exposed data. Learn more.

A large, unprotected database belonging to Mars Hydro, a company specializing in IoT grow lights (Internet of Things Grow Lights) and agricultural software, was discovered by cybersecurity researcher Jeremiah Fowler.

The database, containing a whopping 2.7 billion records totalling 1.17 terabytes, exposed a treasure trove of sensitive information, including Wi-Fi network names (SSIDs), passwords, IP addresses, device IDs, email addresses, and more.  

According to Fowler’s blog post for vpnMentor which the company shared with Hackread.com ahead of publishing on Wednesday 12th February 2025, within the database, folders labelled for logging, monitoring, and error records of IoT devices worldwide were found. 

Sample analysis revealed over 100 million records across 13 folders, containing not only Wi-Fi network names but also their corresponding passwords, along with IP addresses and unique device identifiers.  Interestingly, the data also seemed to link to the control devices, such as smartphones, used to manage these IoT products, revealing information about operating systems (e.g. iOS and Android).

Further investigation linked the database to LG-LED SOLUTIONS LIMITED, a California-registered company.  API details and URLs associated with LG-LED SOLUTIONS, Mars Hydro, and Spider Farmer- all involved in the manufacturing and sale of agricultural grow lights, fans, and cooling systems- were also present in the exposed data.  Numerous records were specifically labelled as “Mars-pro-iot-error” or “SF-iot-error,” suggesting a connection to these specific product lines.  

Fowler also found error logs containing potentially sensitive information, including tokens, application versions, device types, and IP addresses, in addition to the Wi-Fi credentials. 

Following the discovery, Fowler promptly notified LG-LED SOLUTIONS and Mars Hydro, leading to the database being secured within hours. Mars Hydro, identified as a Shenzhen, China-based LED grow light manufacturer with warehouses in the UK, US, and Australia, confirmed to Fowler that the Mars Pro app is their official product. 

Nevertheless, questions remain regarding the database’s ownership, management, and the duration of its exposure. It is unclear if the database was managed directly by LG-LED SOLUTIONS or a third-party contractor. A thorough forensic audit would be required to determine the extent of any unauthorized access, Fowler noted in the blog post.

The Mars Pro app and connected devices have been exposing vast amounts of information. Such lapses can lead to misuse, like surveillance, man-in-the-middle attacks, and manipulation. The recently reported Matrix hacker group is a prime example of the ongoing exploitation of exposed IoT devices for DDoS botnets.

Additionally, studies indicate that a significant percentage of IoT devices (57%) are highly vulnerable, with a majority of transmitted data (983%) being unencrypted. To mitigate these risks, IoT device makers and app developers must prioritize data protection, avoid plain text logging, use encryption, secure internal cloud storage, and conduct regular security audits and penetration testing.

.

Massive 1.17TB Data Leak Exposes Billions of IoT Grow Light Records

SystemBC RAT now targets Linux, enabling ransomware gangs like Ryuk & Conti to spread, evade detection, and maintain encrypted C2 traffic for stealthy cyberattacks.

Threat analysts have identified a new and emerging threat: a variant of the SystemBC RAT (Remote Access Trojan) that is now actively targeting Linux-based platforms. This development puts corporate networks, cloud infrastructures, and IoT devices at risk.

The latest version of SystemBC RAT is more stealthy and harder to detect, using encrypted communication to stay hidden while letting attackers move freely through compromised systems.

****SystemBC RAT: From Windows to Linux****

SystemBC is a Remote Access Trojan (RAT) commonly used in cyberattacks to provide attackers with remote control over infected systems. 

Initially a Windows-only threat, it has now expanded to Linux, making it even more dangerous as Linux-based servers are widely used in enterprise environments.

ANY.RUN’s analysts compared SystemBC’s Windows and Linux traffic

****What Makes the Linux Version of SystemBC RAT Dangerous?****

Let’s look at how this malware operates and why it poses a serious threat to Linux-based systems.

****Encrypted Communication with C2 Servers****

The SystemBC RAT for Linux maintains encrypted communication with C2 servers using the same custom protocols as its Windows counterpart. 

This allows attackers to keep a stable connection across a unified infrastructure of both Windows and Linux implants, making it easier to control infected machines without raising suspicion.

While SystemBC RAT is designed to keep its C2 communication encrypted and hidden, it becomes fully visible inside an ANY.RUN analysis session. By running a real sample in the sandbox, security teams can see the malware’s network connections, file modifications, and process activities in real time.

**View ANY.RUN analysis session**

SystemBC RAT analyzed inside ANY.RUN sandbox

Below the Linux Virtual Machine window, all network connections and system modifications related to this specific attack are clearly displayed. 

Suricata rule triggered by SystemBC RAT

In the Threats section, we can see that an alert was triggered by the Suricata rule: “Malware Command and Control Activity Detected – BOTNET SystemBC.Proxy Connection.” This immediate detection allows analysts to track the infection process and understand how the malware operates.

****Proxy Implant for Lateral Movement****

The malware operates as a proxy implant, meaning it can facilitate lateral movement within a compromised network without deploying additional, easily detectable tools. This makes it a powerful weapon for attackers who seek persistence and deeper infiltration within corporate infrastructures.

****Evasion of Traditional Detection****

One of the most concerning aspects is that security vendors struggle to detect this version as belonging to the SystemBC family. This stealthy approach allows the RAT to remain undetected for extended periods, making it a persistent threat.

****Sandbox and Virtualization Evasion****

Besides signature-based evasion, SystemBC also detects virtualized environments to resist dynamic analysis. In a real ANY.RUN analysis session mentioned above, the MITRE ATT&CK framework flags reveal “Virtualization/Sandbox Evasion- System Checks,” showing that the malware actively performs system checks to determine if it’s running inside a security sandbox or virtual machine. 

By identifying these environments, SystemBC can alter its behaviour or terminate execution, helping attackers bypass automated malware analysis tools while remaining fully operational on real infected systems.

Defense evasion techniques and tactics detected by ANY.RUN sandbox

****Integration with Other Malware Strains****

SystemBC is rarely deployed on its own. It often works alongside other malware to expand an attack’s impact. In Windows attacks, it has been observed delivering ransomware like Ryuk and Conti, as well as banking trojans and infostealers. 

With its new Linux variant, similar threats will likely follow, putting enterprise servers and cloud environments at greater risk of data theft, ransomware encryption, and persistent backdoor access.

****Unmasking Hidden Threats Before They Strike****

Cyber threats are getting smarter, and businesses can’t afford to play catch-up. With SystemBC RAT now hitting Linux, attackers have a new way to hide C2 traffic, move through networks unnoticed, and drop additional malware. Traditional security tools often miss these stealthy tactics, leaving corporate networks, and critical infrastructure at risk.

However, with tools like ANY.RUN interactive sandbox, hidden doesn’t mean unstoppable. Your security team can:

*   Analyze threats safely in a controlled environment.
*   Respond faster, containing threats before they spread and cause real harm.
*   Spot evasion techniques before they do damage, exposing how threats slip past defences.
*   Extract key IOCs, strengthening your threat intelligence and prevention strategies.
*   See hidden malware behaviours in real-time, from network traffic to system changes.

SystemBC RAT Now Targets Linux, Spreading Ransomware and Infostealers

A joint operation by Spanish law enforcement has resulted in the apprehension of Natohub, a “dangerous hacker” suspected of orchestrating numerous cyberattacks against prominent organizations in Spain and internationally.

A joint operation between the National Police and the Civil Guard concluded in the arrest of a suspected cybercriminal in Calpe, Alicante. The individual, whose name has not been released but goes by the handle of Natohub on **Breach Forums**, is allegedly responsible for over 40 cyberattacks targeting public and private entities in Spain and internationally and compromising personal data and sensitive documents.  

Among the Spanish government entities reportedly affected are the Civil Guard, the Ministries of Defence and Education, the National Currency and Timbre Factory, several Spanish universities and the Generalitat Valenciana, the governing body of the Valencian Community.

Internationally, databases belonging to NATO, the US Army, the United Nations, and the International Civil Aviation Organization (ICAO) were targeted.

ICAO publicly **acknowledged** the incident last month, after an account known as “Natohub” leaked information from the breach on the cybercriminal forum BreachForums, also claiming to possess the personal data of 14,000 UN delegates. 

“Natohub” on Breach Forums (Screenshot credit: Hackread.com)

“The reported information security incident involves approximately 42,000 recruitment application data records from April 2016 to July 2024 claimed to be released by the threat actor known as Natohub,” ICAO confirmed.

According to the Spanish police’s **official press release**, the arrest took place after an extensive investigation into crimes involving the unauthorized access and disclosure of sensitive information, damage to computer systems, and money laundering. 

The investigation began in February 2024 after a complaint from a Madrid business association that discovered their data published on a “specialized data leak forum.” Research revealed their website was compromised, data extracted, and the site defaced with a message claiming the hack. Eventually, investigators uncovered a pattern of cyberattacks occurring throughout 2024, culminating in late December, prompting the arrest.

“He attacked international agencies and governmental organizations by accessing databases with personal information from employees and clients, as well as internal documents that were subsequently sold or freely published in forums,” authorities noted.

Moreover, the individual used anonymous messaging apps and specialized navigation tools to create a complex technical network that made tracking a challenge for investigators. 

Authorities seized computer equipment, an iPhone, and around 50 cryptocurrency accounts containing “different types of cryptoactive” from the suspect’s residence. Spanish news outlet Larazon reports that the suspect is 18 years old and was released after a court appearance on the condition of passport confiscation.

Authorities Use Cellebrite to Extract Data from suspect’s iPhone (Via Spanish Police)

The National Cryptological Centre (CCN) of the National Intelligence Centre (CNI), the EUROPOL and the US Homeland Security Investigations (HSI) also assisted in this operation. This arrest is part of a larger effort by Spanish law enforcement to crack down on cybercrime, working with international agencies to dismantle cybercriminal operations originating within the country.

1.  Police Dismantle SIM Swapping Gang in Spain
2.  Spanish Police Nab Leader of Kelvin Security Hacker Group
3.  FBI Kills Kelihos Botnet after Russian Hacker Arrested in Spain
4.  Alcasec Hacker, aka “Robin Hood of Spanish Hackers,” Arrested
5.  Two Arrested in Spain as Authorities Dismantle Cracked and Nulled

Teen Hacker “Natohub” Caught for NATO, UN, and US Army Breaches

UpGuard discovers exposed Ollama APIs revealing DeepSeek model adoption globally. See where these AI models are running and the security risks involved.

Cybersecurity researchers at third-party risk management firm UpGuard have identified a vulnerability surrounding exposed Ollama APIs, which provide access to running AI models. These exposed APIs not only pose security risks for model owners but also offer a unique opportunity to gauge the adoption rate and geographic distribution of specific AI models, such as **DeepSeek**.

**Ollama** is an AI model framework that simplifies interaction with models by providing a user-friendly interface for selecting and downloading models. However, as per UpGuard’s research, shared exclusively with Hackread.com ahead of its release, the API can be exposed to the public internet; its functions to push, pull, and delete models can put data at risk and unauthenticated users can also bombard models with requests, potentially causing costs for cloud computing resource owners. Existing vulnerabilities within Ollama could also be exploited. 

According to UpGuard’s **research**, there is already evidence of the vulnerability being exploited, with targeted IPs being tampered with.

  
A screenshot provided by UpGuard to Hackread.com shows an Ollama instance where the models appear to have been deleted.

Researchers expressed concern that Ollama APIs are likely used by hobbyists on home or small business internet connections or university networks and these systems can be easily compromised and incorporated into botnets for future attacks.

UpGuard also analyzed the distribution of DeepSeek models across different parameter sizes running on exposed Ollama APIs. The 14b and 7b options (representing models with 14 billion and 7 billion parameters) were the most commonly observed among the exposed DeepSeek models, suggesting that many users are opting for these mid-range models.

Approximately seven thousand IP addresses currently expose Ollama APIs, indicating an over 70% rise in three months, since in its survey **Laava** found four thousand IP addresses in November 2024. Out of these exposed IPs, 700 are running some version of DeepSeek. Specifically, 334 are utilizing models from the deepseek-v2 family, while 434 are running the newer deepseek-r1 model. 

Geographically, the highest concentration of IPs running DeepSeek models is located in China (171 IP addresses, representing 24.4%), followed by the U.S. (140 IP addresses, or 20%), and Germany (90 IP addresses, or 12.9%). 

Furthermore, the distribution of DeepSeek models within the US by Internet Service Provider (ISP) analysis reveals a diverse range of providers, from large entities like Google LLC and AT&T Enterprises LLC to smaller providers and universities. Also, researchers found the highest concentration of DeepSeek instances in China, the US, and Germany, with other countries contributing smaller percentages.

> _“There are really two things that surprised us in this research: how fast exposed Ollama APIs are growing, and how quickly DeepSeek has spread. Either of those could have big consequences in the future.”_
> 
> Greg Pollock, Director of Research and Insights – Upguard

It is worth noting that DeepSeek has been restricted by entities like the **US Navy**, the state of **Texas**, **NASA**, and Italy over concerns of possible data leakage to the Chinese government. While these concerns may not apply to open-source models, most users are unlikely to scrutinize the code, UpGuard researchers noted along with identifying potential risks within the models themselves.

Therefore, to prevent **AI data leakage**, it is essential to audit one’s attack surface for exposed Ollama APIs and remain aware of which models or AI products can be crucial in third-party risk management.

7,000 Exposed Ollama APIs Leave DeepSeek AI Models Wide Open to Attack

Now we know exactly how DeepSeek was designed to work, and we may even have a clue toward its highly publicized scandal with OpenAI.

Source: mundissima via Alamy Stock Photo

Researchers have tricked DeepSeek, the Chinese generative AI (GenAI) that debuted earlier this month to a whirlwind of publicity and user adoption, into revealing the instructions that define how it operates.

DeepSeek, the new "it girl" in GenAI, was trained at a fractional cost of existing offerings, and as such has sparked competitive alarm across Silicon Valley. This has led to claims of intellectual property theft from OpenAI, and the loss of billions in market cap for AI chipmaker Nvidia. Naturally, security researchers have begun scrutinizing DeepSeek as well, analyzing if what's under the hood is beneficent or evil, or a mix of both. And analysts at Wallarm just made significant progress on this front by jailbreaking it.

In the process, they revealed its entire system prompt, i.e., a hidden set of instructions, written in plain language, that dictates the behavior and limitations of an AI system. They also may have induced DeepSeek to admit to rumors that it was trained using technology developed by OpenAI.

**DeepSeek's System Prompt**

Wallarm informed DeepSeek about its jailbreak, and DeepSeek has since fixed the issue. For fear that the same tricks might work against other popular large language models (LLMs), however, the researchers have chosen to keep the technical details under wraps.

Related:Code-Scanning Tool's License at Heart of Security Breakup

"It definitely required some coding, but it's not like an exploit where you send a bunch of binary data \[in the form of a\] virus, and then it's hacked," explains Ivan Novikov, CEO of Wallarm. "Essentially, we kind of convinced the model to respond \[to prompts with certain biases\], and because of that, the model breaks some kinds of internal controls."

By breaking its controls, the researchers were able to extract DeepSeek's entire system prompt, word for word. And for a sense of how its character compares to other popular models, it fed that text into OpenAI's GPT-4o and asked it to do a comparison. Overall, GPT-4o claimed to be less restrictive and more creative when it comes to potentially sensitive content.

"OpenAI's prompt allows more critical thinking, open discussion, and nuanced debate while still ensuring user safety," the chatbot claimed, where "DeepSeek’s prompt is likely more rigid, avoids controversial discussions, and emphasizes neutrality to the point of censorship."

While the researchers were poking around in its kishkes, they also came across one other interesting discovery. In its jailbroken state, the model seemed to indicate that it may have received transferred knowledge from OpenAI models. The researchers made note of this finding, but stopped short of labeling it any kind of proof of IP theft.

Related:OAuth Flaw Exposed Millions of Airline Users to Account Takeovers

"\[We were\] not retraining or poisoning its answers — this is what we got from a very plain response after the jailbreak. However, the fact of the jailbreak itself doesn't definitely give us enough of an indication that it's ground truth," Novikov cautions. This subject has been particularly sensitive ever since Jan. 29, when OpenAI — which trained its models on unlicensed, copyrighted data from around the Web — made the aforementioned claim that DeepSeek used OpenAI technology to train its own models without permission.

Source: Wallarm

**DeepSeek's Week to Remember**

DeepSeek has had a whirlwind ride since its worldwide release on Jan. 15. In two weeks on the market, it reached 2 million downloads. Its popularity, capabilities, and low cost of development triggered a conniption in Silicon Valley, and panic on Wall Street. It contributed to a 3.4% drop in the Nasdaq Composite on Jan. 27, led by a $600 billion wipeout in Nvidia stock — the largest single-day decline for any company in market history.

Then, right on cue, given its suddenly high profile, DeepSeek suffered a wave of distributed denial of service (DDoS) traffic. Chinese cybersecurity firm XLab found that the attacks began back on Jan. 3, and originated from thousands of IP addresses spread across the US, Singapore, the Netherlands, Germany, and China itself. 

Related:Spectral Capital Files Quantum Cybersecurity Patent

An anonymous expert told the Global Times when they began that "at first, the attacks were SSDP and NTP reflection amplification attacks. On Tuesday, a large number of HTTP proxy attacks were added. Then early this morning, botnets were observed to have joined the fray. This means that the attacks on DeepSeek have been escalating, with an increasing variety of methods, making defense increasingly difficult and the security challenges faced by DeepSeek more severe."

To stem the tide, the company put a temporary hold on new accounts registered without a Chinese phone number.

On Jan. 28, while fending off cyberattacks, the company released an upgraded Pro version of its AI model. The following day, Wiz researchers discovered a DeepSeek database exposing chat histories, secret keys, application programming interface (API) secrets, and more on the open Web.

Elsewhere on Jan. 31, Enkyrpt AI published findings that reveal deeper, meaningful issues with DeepSeek's outputs. Following its testing, it deemed the Chinese chatbot three times more biased than Claud-3 Opus, four times more toxic than GPT-4o, and 11 times as likely to generate harmful outputs as OpenAI's O1. It's also more inclined than most to generate insecure code, and produce dangerous information pertaining to chemical, biological, radiological, and nuclear agents.

Yet despite its shortcomings, "It's an engineering marvel to me, personally," says Sahil Agarwal, CEO of Enkrypt AI. "I think the fact that it's open source also speaks highly. They want the community to contribute, and be able to utilize these innovations. I think that's why a lot of closed-source model providers are sort of scared."

He adds, too, that "there are other models that are worse than DeepSeek. It's just that DeepSeek is so much in the news, so it has a lot of eyes on it."

**About the Author**

Nate Nelson is a writer based in New York City. He formerly worked as a reporter at Threatpost, and wrote "Malicious Life," an award-winning Top 20 tech podcast on Apple and Spotify. Outside of Dark Reading, he also co-hosts "The Industrial Security Podcast."

DeepSeek Jailbreak Reveals Its Entire System Prompt

Martin discusses how defenders can use threat intelligence to equip themselves against AI-based threats. Plus check out his introductory course to threat intelligence.

Thursday, January 30, 2025 14:05

Welcome to this week’s edition of the Threat Source newsletter. 

You don’t need me to tell you that security is constantly changing and that more change is on its way. The enthusiastic adoption of new AI systems will inevitably lead to more demands on cybersecurity teams. Not only will these systems need protecting against the same threats which affect current systems, but also against new types of threats that target AI models. We can only expect that attacks designed to subvert AI models and get them to function in ways detrimental to their operators’ interests will become more effective and beneficial to attackers over time. 

The good news is that we can expect AI enabled security systems to help protect against attacks, detect incursions, and orchestrate the remediation of affected systems. However, we must not overlook the fact that people will remain involved and invested in the outcome. Within this AI powered future will be CISOs who will be held responsible for the security of systems. There will also be many analysts tasked with keeping systems operating correctly while trying to anticipate and protect against forthcoming malicious campaigns.

Although we may not be able to predict the nature of attacks in this distant future, we can predict some of the skills that will be necessary to beat these attacks. Threat intelligence skills will be vital to equip future cyber security professionals not only to understand the goals of the threat actors that they face but to situate their attacks within the context of these goals. Armed with this understanding, security teams will be able to make better decisions regarding the allocation and prioritization of resources to best defend against attacks. 

Developing threat intelligence skills within the cyber security professionals of tomorrow begins today. Training up people who are early in their careers and students yet to begin their careers is one of the best investments we can make to build resilience against future threats.

To help skill up future analysts, my colleagues and myself in collaboration with Cisco’s Networking Academy have developed an introductory course to threat intelligence. This course is free for all, only registration is required, and is intended to give an overview of the domain for someone without prior knowledge which can be used as a starting point for further study or employment.

For those looking to develop a threat intelligence program as part of their cyber security strategy, we are hosting a technical seminar at Cisco Live EMEA on Sunday February 9th. The session, “Establishing a Threat Intelligence Program, Why its Necessary, What to Expect and How to Go about it \[TECSEC-2003\]”, will present how managers can set-up a threat intelligence team as part of their arsenal against the bad guys and what can reasonably be expected.

**The one big thing**

One pointer to the nature of future threats against AI systems is a technique used in spam that Talos recently blogged about. Hiding the nature of the content displayed to the recipient from anti-spam systems is not a new technique. Spammers have included hidden text or used formatting rules to camouflage their actual message from anti-spam analysis for decades. However, we have seen increase in the use of such techniques during the second half of 2024.

**Why do I care?**

Parsers which are required for computers to understand text content, view the world very differently from humans. The human eye ignores text in miniscule font or can’t detect black letters on a black background, but this is not necessarily the case for parsers. Where the human eye sees readily readable text, the parser can see the gibberish that spammers have included to confuse them. Potentially the opposite is also true with humans seeing gibberish, but language parsing software seeing readable text.

Being able to disguise and hide content from machine analysis or from human oversight is likely to become a more important vector of attack against AI systems as they become a larger part of our lives. 

**So now what?**

Fortunately, the techniques to detect this kind of obfuscation are well known and already integrated into spam detection systems such as Cisco Email Threat Defense. Conversely, the presence of attempts to obfuscate content in this manner makes it obvious that a message is malicious and can be classed as spam.

**Top security headlines of the week**

Another incident of an undersea telecommunications cable being cut in the Baltic was encountered. (CNN). Organisations need to plan for the effects of a major telecommunications outage or internet bandwidth restriction affecting their business.

Three members of Russia’s GRU have been placed under sanctions for their suspected role in conducting cyber attacks against Estonia in 2020 (SecurityAffairs). Threat actors might try to hide their identities but eventually they will be discovered and held to account for their actions.

A botnet consisting of infected IoT devices is behind the largest ever DDoS attack (Help Net Security). Small network connected devices can easily be overlooked as part of a cyber security strategy, but they can be compromised by threat actors and used for nefarious purposes.

**Can't get enough Talos?**

Today we released the new Cisco Talos Quarterly Trends Report - covering incidents from October to December 2024. The big call out? Threat actors are increasingly deployed web shells against vulnerable web applications. They primarily exploited vulnerable or unpatched public-facing applications to gain initial access, a notable shift from previous quarters.

Watch Hazel, Joe and Craig break down the report - they discuss hunting down web shells, the Interlock ransomware, and the increasing use of remote access tools within ransomware attacks.

**Upcoming events where you can find Talos**

Talos team members: Martin LEE, Thorsten ROSENDAHL, Yuri KRAMARZ, Giannis TZIAKOURIS, and Vanja SVAJCER will be speaking at Cisco Live EMEA. Amsterdam, Netherlands, 9-14 February.  (Cisco Live EMEA)

**Most prevalent malware files of the week**

**SHA 256:** 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
**MD5:** 2915b3f8b703eb744fc54c81f4a9c67f  
**VirusTotal:**https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
**Typical Filename:** VID001.exe  
**Detection Name:** Simple\_Custom\_DetectionClaimed Product: 

**SHA 256:** 47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca  
**MD5:** 71fea034b422e4a17ebb06022532fdde  
**VirusTotal:** https://www.virustotal.com/gui/file/47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca  
**Typical Filename:** VID001.exe  
**Claimed Product:** N/A  
**Detection Name:** Coinminer:MBT.26mw.in14.Talos

**SHA 256:** a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91  
**MD5:** 7bdbd180c081fa63ca94f9c22c457376  
**VirusTotal:** https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91  
**Typical Filename:** c0dwjdi6a.dll  
**Claimed Product:** N/A  
**Detection Name:** Trojan.GenericKD.33515991

Defeating Future Threats Starts Today

In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit -- a sprawling network tied to Chinese organized crime gangs and aptly named "Funnull" -- highlights a persistent whac-a-mole problem facing cloud services.

Image: Shutterstock, ArtHead.

In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network tied to Chinese organized crime gangs and aptly named “**Funnull**” — highlights a persistent whac-a-mole problem facing cloud services.

In October 2024, the security firm **Silent Push** published a lengthy analysis of how **Amazon AWS** and **Microsoft Azure** were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams, gambling websites, and retail phishing pages.

Funnull made headlines last summer after it acquired the domain name **polyfill\[.\]io**, previously the home of a widely-used open source code library that allowed older browsers to handle advanced functions that weren’t natively supported. There were still tens of thousands of legitimate domains linking to the Polyfill domain at the time of its acquisition, and Funnull soon after conducted a supply-chain attack that redirected visitors to malicious sites.

Silent Push’s October 2024 report found a vast number of domains hosted via Funnull promoting gambling sites that bear the logo of the **Suncity Group**, a Chinese entity named in a 2024 UN report (PDF) for laundering millions of dollars for the North Korean Lazarus Group.

In 2023, Suncity’s CEO was sentenced to 18 years in prison on charges of fraud, illegal gambling, and “triad offenses,” i.e. working with Chinese transnational organized crime syndicates. Suncity is alleged to have built an underground banking system that laundered billions of dollars for criminals.

It is likely the gambling sites coming through Funnull are abusing top casino brands as part of their money laundering schemes. In reporting on Silent Push’s October report, _TechCrunch_ obtained a comment from Bwin, one of the casinos being advertised en masse through Funnull, and Bwin said those websites did not belong to them.

Gambling is illegal in China except in Macau, a special administrative region of China. Silent Push researchers say Funnull may be helping online gamblers in China evade the Communist party’s “Great Firewall,” which blocks access to gambling destinations.

Silent Push’s **Zach Edwards** said that upon revisiting Funnull’s infrastructure again this month, they found dozens of the same Amazon and Microsoft cloud Internet addresses still forwarding Funnull traffic through a dizzying chain of auto-generated domain names before redirecting malicious or phishous websites.

Edwards said Funnull is a textbook example of an increasing trend Silent Push calls “infrastructure laundering,” wherein crooks selling cybercrime services will relay some or all of their malicious traffic through U.S. cloud providers.

“It’s crucial for global hosting companies based in the West to wake up to the fact that extremely low quality and suspicious web hosts based out of China are deliberately renting IP space from multiple companies and then mapping those IPs to their criminal client websites,” Edwards told KrebsOnSecurity. “We need these major hosts to create internal policies so that if they are renting IP space to one entity, who further rents it to host numerous criminal websites, all of those IPs should be reclaimed and the CDN who purchased them should be banned from future IP rentals or purchases.”

A Suncity gambling site promoted via Funnull. The sites feature a prompt for a Tether/USDT deposit program.

Reached for comment, Amazon referred this reporter to a statement Silent Push included in a report released today. Amazon said AWS was already aware of the Funnull addresses tracked by Silent Push, and that it had suspended all known accounts linked to the activity.

Amazon said that contrary to implications in the Silent Push report, it has every reason to aggressively police its network against this activity, noting the accounts tied to Funnull used “fraudulent methods to temporarily acquire infrastructure, for which it never pays. Thus, AWS incurs damages as a result of the abusive activity.”

“When AWS’s automated or manual systems detect potential abuse, or when we receive reports of potential abuse, we act quickly to investigate and take action to stop any prohibited activity,” Amazon’s statement continues. “In the event anyone suspects that AWS resources are being used for abusive activity, we encourage them to report it to AWS Trust & Safety using the report abuse form. In this case, the authors of the report never notified AWS of the findings of their research via our easy-to-find security and abuse reporting channels. Instead, AWS first learned of their research from a journalist to whom the researchers had provided a draft.”

Microsoft likewise said it takes such abuse seriously, and encouraged others to report suspicious activity found on its network.

“We are committed to protecting our customers against this kind of activity and actively enforce acceptable use policies when violations are detected,” Microsoft said in a written statement. “We encourage reporting suspicious activity to Microsoft so we can investigate and take appropriate actions.”

**Richard Hummel** is threat intelligence lead at **NETSCOUT**. Hummel said it used to be that “noisy” and frequently disruptive malicious traffic — such as automated application layer attacks, and “brute force” efforts to crack passwords or find vulnerabilities in websites — came mostly from botnets, or large collections of hacked devices.

But he said the vast majority of the infrastructure used to funnel this type of traffic is now proxied through major cloud providers, which can make it difficult for organizations to block at the network level.

“From a defenders point of view, you can’t wholesale block cloud providers, because a single IP can host thousands or tens of thousands of domains,” Hummel said.

In May 2024, KrebsOnSecurity published a deep dive on Stark Industries Solutions, an ISP that materialized at the start of Russia’s invasion of Ukraine and has been used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia. Experts said much of the malicious traffic  traversing Stark’s network (e.g. vulnerability scanning and password brute force attacks) was being bounced through U.S.-based cloud providers.

Stark’s network has been a favorite of the Russian hacktivist group called **NoName057(16)**, which frequently launches huge distributed denial-of-service (DDoS) attacks against a variety of targets seen as opposed to Moscow. Hummel said NoName’s history suggests they are adept at cycling through new cloud provider accounts, making anti-abuse efforts into a game of whac-a-mole.

“It almost doesn’t matter if the cloud provider is on point and takes it down because the bad guys will just spin up a new one,” he said. “Even if they’re only able to use it for an hour, they’ve already done their damage. It’s a really difficult problem.”

Edwards said Amazon declined to specify whether the banned Funnull users were operating using compromised accounts or stolen payment card data, or something else.

“I’m surprised they wanted to lean into ‘We’ve caught this 1,200+ times and have taken these down!’ and yet didn’t connect that each of those IPs was mapped to \[the same\] Chinese CDN,” he said. “We’re just thankful Amazon confirmed that account mules are being used for this and it isn’t some front-door relationship. We haven’t heard the same thing from Microsoft but it’s very likely that the same thing is happening.”

Funnull wasn’t always a bulletproof hosting network for scam sites. Prior to 2022, the network was known as **Anjie CDN**, based in the Philippines. One of Anjie’s properties was a website called **funnull\[.\]app**. Loading that domain reveals a pop-up message by the original Anjie CDN owner, who said their operations had been seized by an entity known as **Fangneng CDN** and **ACB Group**, the parent company of Funnull.

A machine-translated message from the former owner of Anjie CDN, a Chinese content delivery network that is now Funnull.

“After I got into trouble, the company was managed by my family,” the message explains. “Because my family was isolated and helpless, they were persuaded by villains to sell the company. Recently, many companies have contacted my family and threatened them, believing that Fangneng CDN used penetration and mirroring technology through customer domain names to steal member information and financial transactions, and stole customer programs by renting and selling servers. This matter has nothing to do with me and my family. Please contact Fangneng CDN to resolve it.”

In January 2024, the **U.S. Department of Commerce** issued a proposed rule that would require cloud providers to create a “Customer Identification Program” that includes procedures to collect data sufficient to determine whether each potential customer is a foreign or U.S. person.

According to the law firm **Crowell & Moring LLP**, the Commerce rule also would require “infrastructure as a service” (IaaS) providers to report knowledge of any transactions with foreign persons that might allow the foreign entity to train a large AI model with potential capabilities that could be used in malicious cyber-enabled activity.

“The proposed rulemaking has garnered global attention, as its cross-border data collection requirements are unprecedented in the cloud computing space,” Crowell wrote. “To the extent the U.S. alone imposes these requirements, there is concern that U.S. IaaS providers could face a competitive disadvantage, as U.S. allies have not yet announced similar foreign customer identification requirements.”

It remains unclear if the new White House administration will push forward with the requirements. The Commerce action was mandated as part of an executive order President Trump issued a day before leaving office in January 2021.

Infrastructure Laundering: Blending in with the Cloud

A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks.
The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor

Tag

#botnet