Security Affairs

Creator of multiple IoT botnets, including Satori, pleaded guilty


Kenneth Currin Schuchman (21) from Vancouver, Washington, aka Nexus Zeta, pleaded guilty to creating and operating multiple DDoS IoT botnets, including Satori.

Court documents revealed that the man suffers from Asperger Syndrome and autism disorder.


Schuchman compromised hundreds of thousands of IoT devices, including home routers and IP cameras, to create multiple DDoS IoT botnets that he rented out to carry out attacks.

In August 2018, Schuchman was indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the world.

The initial indictment did not name the malware, but “all signs point to the virulent Satori botnet that surfaced last fall, and has infected at least 500,000 internet routers around the world,” explained the popular expert Kevin Poulsen.

Schuchman's guilty plea now provides additional information about his criminal activity, for example that he worked with two accomplices, hackers who have been identified as Vamp and Drake.

Vamp acted as a developer along with Schuchman, while Drake was tasked with botnet sales and customer support. Schuchman also managed the purchases of new exploits for the botnet.

Schuchman, Vamp, and Drake created the Satori botnet between July and August 2017. The first version was based on the Mirai bot and extended some of its features: it targeted devices with Telnet vulnerabilities and leveraged an improved scanning system borrowed from the Remaiten botnet. The first Satori iteration targeted devices running with factory settings or protected with easy-to-guess passwords, and the bot infected over 100,000 devices in its first month. Schuchman claimed that over 32,000 of the devices infected by his bot belonged to a large Canadian ISP. He also claimed that the botnet was capable of DDoS attacks of 1 Tbps.

Between September and October 2017, Schuchman and his accomplices developed a new version of Satori named Okiru.

In November 2017, the trio created a new version named Masuta that targeted GPON routers. In the same period, Schuchman also created his own separate botnet, which he used to attack the ProxyPipe DDoS mitigation firm.

In January 2018, Schuchman and Drake created a new botnet combining features from the Mirai and Satori botnets. Schuchman, Vamp, and Drake continued to work on the botnet in March 2018 and infected up to 30,000 devices, most of them GoAhead cameras.

In April 2018, Schuchman developed a new DDoS botnet on his own, based on the Qbot malware family. Schuchman also entered into a competition with Vamp, and the two hackers attempted to destroy each other’s operations.

In July 2018, Schuchman and Vamp returned to work together, but authorities identified Schuchman and charged him.

Between August and October 2018, Schuchman violated his pre-trial release conditions by accessing the internet and developing a new botnet. He was also responsible for a swatting attack on Drake’s home.

In October 2018, Schuchman’s career ended when US authorities decided to detain him and keep him in jail. Authorities tracked him because he used his father’s ID and credentials to register online domains involved in DDoS attacks.

Schuchman faces up to ten years in prison, a fine of up to $250,000, and up to three years of supervised release.


Pierluigi Paganini

(SecurityAffairs – Satori, cybercrime)
