RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
ID: 931f555d-aca5-535b-b8dc-561ce92646d1
STIX ID: report--931f555d-aca5-535b-b8dc-561ce92646d1
Feed Name: The Hacker News
**RustDuck** is a newly observed two-stage DDoS botnet targeting poorly secured routers, cameras, Android boxes and exposed servers; it is notable for being rewritten in Rust, using strong encryption (ChaCha20-Poly1305 and AES-GCM with Curve25519/HKDF-SHA256), extensive anti-analysis and sandbox-detection checks, and modular C2 that uses dynamic DNS. XLab observed active spreading since February 2026, provided IOCs (file hashes, control domains, source IPs), and recommends removing public remote-management interfaces, patching or replacing unsupported devices, and blocking known indicators.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
