Tag: ngioweb

4 Attack Reports | 0 Vulnerabilities

Attack reports

SystemBC – Bringing the Noise

The SystemBC botnet, composed of over 80 C2s and 1,500 daily victims, primarily targets VPS systems from commercial providers. It creates proxies enabling high volumes of malicious traffic for various criminal threat groups. The network is used by multiple proxy services, including REM Proxy, which…

malicious traffic

Published: September 25, 2025

Downloadable IOCs: 158

One Sock Fits All: The use and abuse of the NSOCKS botnet

The ngioweb botnet serves as the foundation for the NSOCKS criminal proxy service, maintaining over 35,000 bots daily across 180 countries. The botnet primarily targets SOHO routers and IoT devices, with two-thirds of proxies based in the U.S. NSOCKS utilizes over 180 'backconnect' C2 nodes to obsc…

Published: November 19, 2024

Downloadable IOCs: 59

Inside Water Barghest's Rapid Exploit-to-Market Strategy for IoT Devices

Water Barghest, a cybercriminal group, has developed a highly automated system for exploiting and monetizing IoT devices. Their botnet, comprising over 20,000 devices as of October 2024, uses automated scripts to identify and compromise vulnerable IoT devices from public internet scan databases. On…

vulnerability exploitation

residential proxy marketplace

Published: November 18, 2024

Downloadable IOCs: 66

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

TrendMicro highlights the dangers of internet-facing routers and elaborates on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024. Cybercriminals and nation-state actors share an interest in compromised routers used as an anonymization layer, with cybe…

Published: August 7, 2024

Downloadable IOCs: 64

Click here to see more Attack Reports