JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

New HEH botnet wipes devices potentially bricking them

A new botnet, tracked as HEH, discovered botnet implements a disk-wiping feature that allows it to wipe all data from the infected systems. Researchers from from Netlab, the network security division of Chinese tech giant Qihoo 360, have discovered a new botnet, tracked as HEH, that contains the code to wipe all data from infected […]

HEH botnet wiping feature

A new botnet, tracked as HEH, discovered botnet implements a disk-wiping feature that allows it to wipe all data from the infected systems.

Researchers from from Netlab, the network security division of Chinese tech giant Qihoo 360, have discovered a new botnet, tracked as HEH, that contains the code to wipe all data from infected systems, such as routers, IoT devices, and servers.

Experts noticed that the malware supports multiple CPU architectures, including x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III) and PPC, it is written in the Go open-source programming language.

The botnet targets systems with SSH ports (23 and 2323) exposed online by launching brute-force attacks.

The name comes for the project inside the sample, the family samples analyzed by the experts were built by the author in the WSL environment on the Windows platform.

Upon gaining access to the device, the bot downloads one of seven binaries that install the HEH malware.

The analysis of the HEH Bot revealed that it contains three functional modules: propagation module, local HTTP service module and P2P module.

Experts pointed out that the bot doesn’t contain any offensive features, such as the ability to launch DDoS attacks or to mine cryptocurrency, a circumstance that suggests the malware is under development.

“At present, the most useful functions for the entire Botnet are to execute Shell commandsupdate Peer List and UpdateBotFile. The Attack function in the code is just a reserved empty function, and has not been implemented. It can be seen that the Botnet is still in the developement stage. We will see what the author comes up with the Attack feature.” reads the analysis published by the researchers.

The function for parsing Bot Cmd in Bot is main.executeCommand(), the most notable feature noticed by the experts it related to a cmd with code number 8. When the bot will receive this command it will try to wipe out the content of the disks through a series of Shell commands.

HEH botnet wiping feature

The malware is able to wipe content from home routers, Internet of Things (IoT) smart devices, and Linux servers.

Even if the botnet is still spreading, experts noticed that it has also other major problems in its implementation, for example, the P2P implementation still has flaws. Experts noticed that the Bot does maintain a Peer List internally, and there is ongoing Ping<–>Pong communication between peers, but the overall botnet still works with a centralized model. In the current version, each node cannot send control command to its peers.

“With that being said, the new and developing P2P structure, the multiple CPU architecture support, the embedded self-destruction feature, all make this botnet potentially dangerous.” concludes the post.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, HEH botnet)

[adrotate banner=”5″]

[adrotate banner=”13″]