A botnet is a tool that hackers use to invade systems. The botnets were rented out to a variety of groups to conduct DDoS attacks, launch phishing campaigns, and deliver a variety of different types of malware.
Of interest, the botnet was controlled and coordinated by an LED light control console.
The team initially faced the daunting prospect of tracking down more than 400,000 IP addresses associated with the botnet. After conducting an extensive search, they narrowed the scope of their investigation to 90 IPs, and discovered that one in particular seemed to be coordinating the activities of the rest. This IP was traced back to an LED light console inside an office building in rural northern Taiwan.
Taiwan’s Ministry of Justice Investigation Bureau was contacted and after conducting their own research and investigation, moved in to shut the device down.
A spokesman for the Bureau had this to say about the incident:
“This case marks a milestone. That’s because we were able to take down the IoT device and secure the breach to a limited range for those compromised computers in Taiwan, which is quite different from our previous global cooperation cases.”
This is not the first time in recent weeks that Microsoft’s DCU has made headlines. Just last month, the group, in conjunction with Microsoft partners, coordinated the take down of Necurs. That was one of the largest spam botnets ever reported, and was infamous for the widespread distribution of malware as far back as 2012.
While there is no doubt that other threats will rise to take the place of these two now defunct botnets, it is nice to know that industry titans are working tirelessly and in conjunction with law enforcement agencies around the world to try and keep us all a little safer. Kudos to Microsoft and to Taiwanese law enforcement for a job very well done!