Who Operates the Badbox 2.0 Botnet?

Summary

The operators of the Kimwolf botnet shared a screenshot suggesting they had compromised the control panel for Badbox 2.0, a China-based botnet that infects Android TV streaming boxes. The FBI and Google are actively investigating Badbox 2.0, and the Kimwolf operators' actions may provide clues to its creators.

IFF Assessment

FRIEND

Identifying and potentially disrupting the Badbox 2.0 botnet would benefit defenders.

Defender Context

The incident highlights the interconnectedness of botnet operations and the potential for intelligence sharing (albeit unintentional) between threat actors. Defenders should monitor for indicators of compromise associated with both Kimwolf and Badbox 2.0, especially in environments with Android TV devices. It also shows the importance of supply chain security for Android devices.
