Forcepoint Security Labs Special Investigations team has discovered and documented a global botnet affecting thousands of victims – we call this investigation “JAKU”.
What is JAKU?
- JAKU is the name of the investigation by the Forcepoint Security Labs Special Investigations team into a botnet campaign.
- Obscured by the noise of thousands of seemingly indiscriminate botnet victims, the JAKU campaign performs a separate, highly targeted operation.
- JAKU has approximately 19,000 victims at any one time spread over 134 countries!
- JAKU has a truly global footprint but we found concentrations of Command and Control servers and victims in APAC.
- Victims were observed to have a maximum dwell time* of 348 days. The attack could exploit each victim for almost a full year.
*Dwell time begins when an attacker enters a network and continues until they leave or are forced out.
Comment from Andy Settle, Head of Special Investigations, Forcepoint
“JAKU has reached every corner of the world and sheds some light onto the victims of botnets, why they are vulnerable, and possibly, why they are targeted. With thousands of victim computers currently sitting in wait to be used unwittingly to perform DDoS attacks, spear phishing attacks, spam campaigns and other forms of organised crime, corporate companies must make sure they are aware of this sophisticated botnet campaign.
The team discovered something new in this campaign – we have not previously observed bot herding on this scale that is also so surgically targeted; this represents a change in tactics.
Finding, tracking and shutting down attack modes and methodologies with such capabilities can be a formidable task. No single organisation can do it alone. It requires the close collaboration and intelligence-sharing activities of both private organisations and government agencies – and Forcepoint has engaged with NCA, CERT-UK, Europol and Interpol on this investigation.”
Below is three short videos on “what”, the “how” and the “why” of JAKU.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.