DDoS Botnet Leveraging Jenkins Misconfigurations for Initial Access (Campaign)
ID: 5b77f567-c6ba-57e5-b2ea-f278b0e2a16a
STIX ID: report--5b77f567-c6ba-57e5-b2ea-f278b0e2a16a
Feed Name: Wiz Cloud Threat Landscape
Date Published: 2026-05-10
Date Updated: 2026-05-21
Author: [email protected] (Wiz Threat Research)
**Executive Summary:** Threat actors abuse exposed or weakly secured Jenkins instances by submitting Groovy to the scriptText Script Console endpoint, gaining remote code execution on the controller and using it to run platform-specific payloads that establish a persistent, evasive botnet reporting to a single C2. Infected hosts are instructed to carry out UDP, TCP and HTTP floods and attacks on game servers; the Windows payload additionally alters firewall rules and removes security flags. The campaign combines remote code execution for initial access, cross-platform payload delivery, and sustained DDoS operations, with potential data exfiltration also noted.
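The initial-access step above hinges on the Jenkins Script Console, which is reachable as a GET on /script (the HTML form) and as a POST on /scriptText (plain-text response) and executes arbitrary Groovy on the controller. A defender's first check is therefore whether anyone is POSTing to those paths from outside the administrator network or without an authenticated user. The following is an added example written for this page, not code from Wiz Threat Research or the campaign itself: it parses reverse-proxy access logs in combined log format (assumed; adjust the regex if Jenkins' own access logger or a different proxy format is in use), flags Script Console POSTs, and treats the 10.0.0.0/8 range as the assumed administrator network. The log lines are constructed for the example and use RFC 5737 documentation addresses.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Jenkins serves the Groovy Script Console at /script (HTML form, GET) and
# /scriptText (POST with a "script" parameter, plain-text reply). A POST to
# either path runs Groovy on the controller, so every hit deserves review.
SCRIPT_PATHS = ("/scriptText", "/script")

# Assumption for this example: administrators reach Jenkins only from
# 10.0.0.0/8. A Script Console POST from anywhere else is flagged.
ADMIN_NETWORKS = [ip_network("10.0.0.0/8")]

# Combined log format as written by a typical reverse proxy in front of Jenkins.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string
    rec["status"] = int(rec["status"])
    return rec


def is_script_console(path):
    """True for /script or /scriptText, including under a context path such as /jenkins."""
    path = path.rstrip("/")
    return any(path == p or path.endswith(p) for p in SCRIPT_PATHS)


def find_script_console_hits(lines):
    """Return one finding per POST to the Script Console.

    A finding is marked suspicious when the source address lies outside
    ADMIN_NETWORKS (or is not an IP address at all) or the request carries
    no authenticated user. Failed attempts (non-2xx) are kept, since a 403
    still shows someone probing the endpoint.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_script_console(rec["path"]):
            continue
        if rec["method"] != "POST":
            continue  # GET /script only renders the form
        try:
            src = ip_address(rec["ip"])
            outside = not any(src in net for net in ADMIN_NETWORKS)
        except ValueError:
            outside = True  # hostname or garbage in the address field
        anonymous = rec["user"] in ("-", "anonymous")
        findings.append({
            "ip": rec["ip"],
            "user": rec["user"],
            "path": rec["path"],
            "status": rec["status"],
            "suspicious": outside or anonymous,
        })
    return findings


def summarize(findings):
    """Count suspicious Script Console POSTs per source address."""
    per_ip = defaultdict(int)
    for f in findings:
        if f["suspicious"]:
            per_ip[f["ip"]] += 1
    return dict(per_ip)


# Constructed sample lines, not real traffic. 203.0.113.0/24 and
# 198.51.100.0/24 are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
10.0.5.12 - alice [10/May/2026:09:01:02 +0000] "GET /job/build/ HTTP/1.1" 200 5120
203.0.113.7 - - [10/May/2026:09:02:11 +0000] "GET /script HTTP/1.1" 200 8831
203.0.113.7 - - [10/May/2026:09:02:13 +0000] "POST /scriptText HTTP/1.1" 200 44
203.0.113.7 - - [10/May/2026:09:02:14 +0000] "POST /scriptText HTTP/1.1" 200 17
10.0.5.12 - alice [10/May/2026:09:05:00 +0000] "POST /scriptText HTTP/1.1" 200 12
198.51.100.9 - - [10/May/2026:09:07:30 +0000] "POST /jenkins/scriptText?x=1 HTTP/1.1" 403 0
""".splitlines()

if __name__ == "__main__":
    hits = find_script_console_hits(SAMPLE_LOG)
    for f in hits:
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['ip']:15} user={f['user']} {f['path']} {f['status']}")
    print(summarize(hits))
```

On the sample above, the anonymous POSTs from 203.0.113.7 and the context-path attempt from 198.51.100.9 are flagged, while the authenticated POST from the administrator range is not. An anonymous 200 on /scriptText is the strongest signal here: the Script Console requires Overall/Administer, so a successful unauthenticated call means anonymous users hold that permission and the instance should be treated as compromised until proven otherwise.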
