A large-scale DDoS attack targeted the Chinese game “Black Myth: Wukong” on the Steam and Perfect World platforms in August 2024. The attackers, using a botnet called AISURU, executed multiple waves of attacks during peak online gaming hours across 13 global regions. The botnet was later updated and renamed AIRASHI, which exhibited advanced capabilities, including exploiting a 0DAY vulnerability in Cambium Networks routers. Affected: Steam, Perfect World, gaming sector
Keypoints :
- A large-scale DDoS attack targeted Steam and Perfect World platforms.
- The attack was executed in four waves during peak gaming hours.
- The botnet AISURU was responsible for the attack, which was later updated to AIRASHI.
- AIRASHI used a 0DAY vulnerability in Cambium Networks routers to propagate.
- The botnet demonstrated stable DDoS attack capabilities with a wide range of IP resources.
- AIRASHI’s operators showcased their attack capabilities through social media.
- The botnet’s attack targets were distributed globally across various sectors.
- Multiple versions of AIRASHI have been identified, each with enhanced features.
MITRE Techniques :
- T1040 – Network Sniffing: The botnet uses network protocols to communicate and execute commands.
- T1203 – Exploitation for Client Execution: AIRASHI exploits the Cambium Networks router vulnerability.
- T1499 – Endpoint Denial of Service: The primary function of AIRASHI is to perform DDoS attacks.
- T1071 – Application Layer Protocol: The botnet uses HTTP and DNS for command and control communications.
- T1105 – Remote File Copy: The botnet may download additional payloads or updates from its command and control servers.
Indicator of Compromise :
- [domain] xlabsecurity.ru
- [domain] xlabresearch.ru
- [domain] foxthreatnointel.africa
- [ip address] 190.123.46.21
- [ip address] 95.214.52.167
- Check the article for all found IoCs.
Full Research: https://blog.xlab.qianxin.com/large-scale-botnet-airashi/