Black Lotus Labs, the threat intelligence team at Lumen Technologies, has issued a warning about Chaos, a new variant of the Kaiji distributed denial-of-service (DDoS) botnet, which targets enterprises and large organizations.
The Golang-based Kaiji malware emerged in early 2020, targeting Linux systems and Internet of Things (IoT) devices via SSH brute-force attacks. It is believed to have originated in China. By mid-2020, the threat also targeted Docker servers.
Like Kaiji, the newly discovered Chaos malware is written in Go and uses SSH brute-force attacks to infect new devices. In addition, it exploits known vulnerabilities and steals SSH keys to spread infection. Black Lotus Labs reports that the threat is compatible with multiple architectures, including ARM, Intel (i386), MIPS, and PowerPC, and can run on both Linux and Windows.