Threat Database Botnets Jaku Botnet

Jaku Botnet

By GoldSparrow in Botnets

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 3
First Seen: May 5, 2016
Last Seen: August 4, 2020
OS(es) Affected: Windows

The Jaku Botnet is a large network of infected computers, generally referred to as 'zombies' or 'bots' that can be used to carry out coordinated attacks. There are more than 19,000 bots in the Jaku Botnet currently, making it a powerful tool for illicit operations. Using the Jaku Botnet, third parties may carry out highly effective DDoS (Distributed Denial of Service) attacks or send out massive quantities of spam email. While threat infections like Trojans and ransomware are quite harmful, botnets like the Jaku Botnet may be the backbone of most threat campaigns. The con artists that create threat infections may enlist the services of a botnet like the Jaku Botnet to deliver their corrupted email attachments or social media spam to thousands of potential victims. PC security researchers have observed connections between the Jaku Botnet and various high-profile cases of threats around the world. This botnet, in particular, is connected to Darkhotel attacks carried out in 2014. This group, known as Dark Seoul is connected to a group of hackers located in North Korea and part of the infamous Lazarus Group.

The Jaku Botnet and Its Associated Harmful Activities

The Jaku Botnet has grown in number gradually in the past year, containing more than 19,000 bots currently. Most of the bots in the Jaku Botnet are located in Asian countries, especially in Japan and South Korea. The Jaku Botnet is named after Jakku, a Star Wars reference. Most of the Jaku Botnet victims are located in the two countries mentioned above, which is responsible for 73 percent of all the Jaku Botnet infections. However, the bots associated with the Jaku Botnet are spread out in more than 134 different countries, even if this means that one country may only have one or two infected computers. This distribution makes the Jaku Botnet particularly effective since it can be used to hide Web traffic and can be involved in activities such as money laundering or the traffic of child pornography.

The Jaku Botnet is one of the strongest botnets actives today and has proven quite difficult to take down. The first attacks related to the Jaku Botnet first appeared in September of 2015. In the six months since then, the Jaku Botnet has grown enormously, especially compared to other botnets. The Jaku Botnet is controlled through various Command and Control servers located in the Asian Pacific region, especially the Southeastern Asia in countries like Thailand and Singapore. The Jaku Botnet uses multiple Command and Control mechanisms and databases that are heavily obfuscated on the client side as well, meaning that the configuration files are already difficult to access by PC security researchers.

How the Jaku Botnet may be Used to Attack Computer Users

The Jaku Botnet can be used to send out massive quantities of spam email, which may be used to deliver corrupted email attachments via various social engineering tactics. The Jaku Botnet also may be used to carry out DDoS attacks, which are used to overload a server through continued requests by using thousands of computers to overload a server with traffic, which makes a website to go offline. PC security analysts have associated hoaxes involving steganography with the Jaku Botnet, meaning that third parties deliver corrupted code by hiding it in image files. The Jaku Botnet infects computers through corrupted torrent files, often placed on public file sharing websites. Although the people responsible for the Jaku Botnet tend to target computers associated with high profile targets, individual users also may become part of the Jaku Botnet as well. Computers at risk may belong to NGOs, engineering firms, universities, scientists and government offices, which is understandable when one considers the potential high value of the data that could be collected from these sources.


Most Viewed