The Growing Threat of Malware Concealed Behind Cloud Services

FortiGuard Labs observed active botnet campaigns (notably UNSTABLE and Condi) leveraging cloud services to host command-and-control and distribute Linux-based DDoS malware targeting routers and IoT/Linux devices. The report details exploited CVEs (including CVE-2023-1389 and CVE-2024-21887), lists hard-coded credentials, DDoS methods, extensive IOCs (C2 IPs, URLs, and file hashes), and provides mitigation guidance and Fortinet detections.