
DDoS-as-a-Service: The Rebirth Botnet

Blog post from Sysdig

Post Details
Author: Sysdig Threat Research Team
Word Count: 3,208
Language: English
Summary

In March 2024, the Sysdig Threat Research Team identified a DDoS-as-a-Service botnet named RebirthLtd, which operates primarily through a domain linked to the Mirai malware family and targets the video gaming community. The botnet is marketed via Telegram and an online store, offering services to disrupt gaming servers for financial gain, often affecting video game streamers. The RebirthLtd botnet, which has been active since its Telegram advertisement in early 2024, sells various packages that differ in price and in features such as API access and the number of attacks per second. The botnet supports multiple attack methods, such as TCP and UDP floods, and it is closely monitored by a DDoS tracking site, Tumult.network. Attribution of the botnet's operators points to individuals using pseudonyms such as "CazzG" and "Docx69," with connections to other botnets such as estresse.pro and Tsuki. The Rebirth botnet has evolved from previous malware families, including Gafgyt, QBot, and STDBot, and continues to pose a threat by exploiting vulnerabilities in IoT devices. For detection and prevention, the post emphasizes maintaining security hygiene and deploying real-time threat detection systems.