Glassworm botnet disrupted after resilient C2 infrastructure takedown
Summary
Researchers have disrupted the Glassworm botnet, which was used in software supply-chain attacks targeting developers. The takedown was achieved by dismantling its command-and-control (C2) infrastructure. That infrastructure was built for resilience: it used Solana blockchain transactions and the BitTorrent DHT network, both public services that no single hosting provider or registrar can take offline, rather than a fixed set of attacker-controlled domains or servers.
IFF Assessment
The disruption should be treated as temporary. A C2 design that publishes its rendezvous points through public blockchains and peer-to-peer networks exists precisely to survive takedowns, so the operators can be expected to re-establish infrastructure and resume targeting developers. Defenders should assume the malicious activity is ongoing and keep hunting for it, rather than treating the takedown as closure.
Defender Context
This incident highlights a growing pattern: threat actors using decentralized, public services such as blockchains and peer-to-peer networks to host or resolve C2 infrastructure, so that no single provider can be asked to pull it down. The practical consequence for defenders is that the destinations themselves are legitimate public services; the signal is which process on which host is talking to them. Developer workstations and build agents rarely have a legitimate reason to query public blockchain RPC endpoints or join the BitTorrent DHT, so egress and DNS telemetry from those hosts should be reviewed for such traffic, and it should be blocked at the network edge where that is feasible. Because the campaign spread through the software supply chain, investigation should also extend to the packages and extensions installed on affected hosts, not only to the network artefacts.
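The hunting idea above, as an added example that is not part of the original report and is not Glassworm's or any vendor's code: a small Python script that reads egress log lines and flags developer hosts where an unexpected process contacts public Solana RPC endpoints or BitTorrent DHT bootstrap nodes. The log format, the indicator lists, the process allow-list and the sample log lines are all constructed assumptions for illustration; substitute your own telemetry and curated indicator sets.

```python
"""
Hunt for blockchain / DHT dead-drop style C2 resolution from developer hosts.

Added example (not from the report, not Glassworm's code). The JSON log
format, indicator lists and process allow-list below are assumptions made
for this illustration.
"""
import json
from collections import defaultdict

# Assumed indicator lists. These are legitimate public services; the
# suspicious part is an unexpected process on a developer host using them.
SOLANA_RPC_HOSTS = {
    "api.mainnet-beta.solana.com",
    "api.devnet.solana.com",
}
DHT_BOOTSTRAP_HOSTS = {
    "router.bittorrent.com",
    "dht.transmissionbt.com",
    "router.utorrent.com",
}
DHT_PORTS = {6881}  # default BitTorrent/DHT port

# Processes for which this traffic is plausible on a developer machine
# (assumed allow-list; tune it for your fleet).
EXPECTED_PROCESSES = {"chrome", "firefox", "transmission", "qbittorrent", "solana"}

# Constructed sample egress log: one JSON object per line.
SAMPLE_LOG = """\
{"host":"dev-laptop-07","process":"node","dst_host":"api.mainnet-beta.solana.com","dst_port":443,"proto":"tcp"}
{"host":"dev-laptop-07","process":"node","dst_host":"router.bittorrent.com","dst_port":6881,"proto":"udp"}
{"host":"dev-laptop-07","process":"chrome","dst_host":"api.mainnet-beta.solana.com","dst_port":443,"proto":"tcp"}
{"host":"build-agent-02","process":"python3","dst_host":"203.0.113.9","dst_port":6881,"proto":"udp"}
{"host":"build-agent-02","process":"python3","dst_host":"registry.npmjs.org","dst_port":443,"proto":"tcp"}
{"host":"dev-laptop-11","process":"qbittorrent","dst_host":"dht.transmissionbt.com","dst_port":6881,"proto":"udp"}
"""


def parse_events(lines):
    """Parse JSON-per-line egress records, skipping blank or malformed lines."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def classify(ev):
    """Tag one egress event as 'solana_rpc', 'bittorrent_dht', or None."""
    dst = str(ev.get("dst_host", "")).lower()
    port = ev.get("dst_port")
    proto = str(ev.get("proto", "")).lower()
    if dst in SOLANA_RPC_HOSTS:
        return "solana_rpc"
    # Either a known bootstrap node, or raw UDP to the DHT port (the
    # bootstrap host list can never be complete, so the port check catches
    # direct peer contact such as the 203.0.113.9 line in the sample).
    if dst in DHT_BOOTSTRAP_HOSTS or (proto == "udp" and port in DHT_PORTS):
        return "bittorrent_dht"
    return None


def find_suspects(events):
    """Group flagged events by (host, process), ignoring allow-listed processes.

    Returns {(host, process): sorted list of channel tags}.
    """
    seen = defaultdict(set)
    for ev in events:
        tag = classify(ev)
        if tag is None:
            continue
        proc = str(ev.get("process", "")).lower()
        if proc in EXPECTED_PROCESSES:
            continue
        seen[(ev.get("host"), proc)].add(tag)
    return {key: sorted(tags) for key, tags in seen.items()}


def severity(tags):
    """A process using both channels matches the dual-channel design in the
    summary and is rated higher than one using a single channel."""
    return "high" if len(tags) >= 2 else "medium"


if __name__ == "__main__":
    for (host, proc), tags in find_suspects(parse_events(SAMPLE_LOG.splitlines())).items():
        print(f"{severity(tags):6} {host:16} {proc:10} {', '.join(tags)}")
```

On the constructed sample this flags `node` on dev-laptop-07 as high (both channels) and `python3` on build-agent-02 as medium (DHT only), while the browser and torrent-client traffic is ignored. In production the allow-list is the weak point: a malicious package or extension running inside an allow-listed process would not be caught by process name alone, so pair this with the parent-process and file-provenance data your EDR provides.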