The group behind **Fodcha**, a known threat actor, has resumed its activity with a campaign centered on RDDoS (Ransom Distributed Denial of Service) attacks. According to the analysis published by 360 Netlab, this new wave combines traditional DDoS tactics with direct extortion.
Fodcha Botnet Returns with Ransom-DDoS Campaign
Summary: 360 Netlab reveals that the Fodcha botnet has reactivated, implementing new encryption techniques and C2 mechanisms to avoid detection and launch massive DDoS attacks.
Key facts
- 360 Netlab discovered Fodcha in April 2022.
- Fodcha has resumed its activities with new techniques to evade detection and cause economic damage through ransom DDoS attacks.
- The new version uses XXTEA, ChaCha20, and a dual C2 scheme that relies on both OpenNIC and ICANN domains.
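
One way a defender could look for the OpenNIC half of the dual C2 scheme in resolver logs, as an added example that is not code from 360 Netlab or the original page. It assumes a constructed four-field log format and a TLD list that should be checked against OpenNIC's published namespace; every domain name and address in it is constructed.

```python
from collections import defaultdict

# Assumption: TLDs operated by OpenNIC; confirm against OpenNIC's current list.
OPENNIC_TLDS = frozenset({
    "bbs", "chan", "cyb", "dyn", "epic", "geek", "gopher", "indy",
    "libre", "neo", "null", "o", "oss", "oz", "parody", "pirate",
})

# Constructed sample: "<timestamp> <client_ip> <qname> <qtype>" (hypothetical format).
SAMPLE_LOG = """\
2022-11-01T09:00:01Z 10.0.0.5 www.example.com. A
2022-11-01T09:00:02Z 10.0.0.7 constructed-c2.OSS. A
2022-11-01T09:00:03Z 10.0.0.7 constructed-c2.example.net. A
2022-11-01T09:00:04Z 10.0.0.9 geek.example.org. AAAA
2022-11-01T09:00:05Z 10.0.0.7 node1.constructed.geek A
malformed line
2022-11-01T09:00:06Z 10.0.0.8 oss A
"""


def opennic_tld(qname):
    """Return the OpenNIC TLD of qname, or None if it is not in that namespace."""
    labels = qname.rstrip(".").lower().split(".")
    # Require a second-level label so bare single-label lookups are ignored.
    if len(labels) < 2 or "" in labels:
        return None
    return labels[-1] if labels[-1] in OPENNIC_TLDS else None


def find_opennic_queries(log_text):
    """Map client IP -> sorted unique OpenNIC names it tried to resolve."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of failing the run
        _ts, client, qname, _qtype = fields
        if opennic_tld(qname):
            hits[client].add(qname.rstrip(".").lower())
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in find_opennic_queries(SAMPLE_LOG).items():
        print(client, names)
```

A host that never needs alternative-root names and still tries to resolve them is worth triage, whether or not the lookup succeeded.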
Why it matters
The resurgence of Fodcha poses a significant threat to businesses and networks that may be targeted by ransom DDoS attacks. Cybercriminals have improved their evasion techniques, making detection and tracking more challenging. This threat requires a rapid and coordinated response from organizations and authorities.