Matrix Unleashes A New Widespread DDoS Campaign
ID: 7001c20f-5517-5bcd-b17e-d9f8768833e7
STIX ID: report--7001c20f-5517-5bcd-b17e-d9f8768833e7
Feed Name: Aqua Security Blog
Aqua Nautilus researchers documented an active, widespread DDoS campaign by an actor called "Matrix" that assembles a botnet using public Mirai-like tools, brute-force/default credentials, and exploitation of known vulnerabilities (including a 2024 HugeGraph RCE). The report details the actor's infrastructure (GitHub, Discord, Telegram vending), provides IOCs (IP addresses, file hashes, domains), maps techniques to MITRE ATT&CK, estimates potential scale (hundreds of thousands to >1M devices), and offers detection/mitigation advice emphasizing credential hygiene, patching, and runtime sandbox analysis.
