Cisco Talos observed an existing DDoS malware known as XorDDoS, continuing to spread globally between November 2023 and February 2025. A significant finding shows that over 70 percent of attacks using XorDDoS targeted the U.S.

The most critical of the three is CVE-2022-35914, which concerns a remote code execution vulnerability in the third-party library htmlawed present in Teclib GLPI, an open-source asset and IT management software package.

"We found that devices first infected with XorDdos were later infected with additional malware such as the Tsunami backdoor, which further deploys the XMRig coin miner," Microsoft notes.

There may be a risk of retaliatory activity by threat actors supporting the Russian Federation, against organizations being leveraged to unwittingly conduct disruptive attacks against government, military, and civilian websites.

“This morning, accessing the sites gov.ro, mapn.ro and politiadefrontiera.ro [Border Police], cfrcalatori.ro [National RailRoads] and the financial institution’s websites were affected by a series DDOS cyber attacks,” a press release said.

The malicious code runs on the website visitor's computer and directs their available computational resources to generate an abnormal number of requests to attack objects (URLs) defined in the code.

This newly discovered malware, named Fodcha by researchers at Qihoo 360's Network Security Research Lab (360 Netlab), has spread to over 62,000 devices between March 29 and April 10.

The most affected devices are located in China, Brazil, Russia, Italy, Indonesia, with the U.S. coming in at number eight, cybersecurity firm Eclypsium said in a report shared with The Hacker News.

The critical command injection vulnerability was discovered and patched in May 2021. A PoC was released and within a week, attackers exploited the vulnerability to deploy variants of Mirai.

Although the bot was first discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different C2 communications and the addition of new exploits for spreading.

The attack generated 809 million packets per second (Mpps), making it the largest-ever DDoS attack in terms of packet per second (pps) recorded by Akamai.