Credential Stuffing Botnet Exposed with Full Access to Attack Infrastructure

Severity: High (Score: 63.9)

Sources: Gbhackers, Cybersecuritynews

Summary

A credential stuffing botnet targeting Twitter/X accounts has been discovered fully exposed online, allowing unrestricted access to its command-and-control infrastructure. The botnet, named 'Twitter Checker Master Panel – FULL FIX v2.3', is hosted on a Windows Server 2019 instance in Germany and has left its control panel and worker server credentials publicly accessible without any password protection. This exposure includes root SSH passwords for all 18 worker servers, enabling potential attackers to manipulate the botnet easily. The incident raises significant concerns about the security of user accounts on Twitter/X, as the botnet is actively engaged in credential stuffing attacks. No specific vulnerabilities (CVEs) were mentioned, but the lack of security measures poses a critical risk. The botnet's full operational capabilities are currently available to anyone who knows where to look. As of today, the botnet remains exposed and operational.

Key Points

  • A credential stuffing botnet targeting Twitter/X is fully exposed online.
  • The botnet's control panel and worker credentials are accessible without passwords.
  • Root SSH passwords for all 18 worker servers are publicly available.

Key Entities

  • Botnet (attack_type)
  • Credential Stuffing (attack_type)
  • T1021 - Remote Services (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)
  • T1110 - Brute Force (mitre_attack)
  • SSH (tool)
  • Twitter (company)
  • X (company)
  • Windows Server 2019 (platform)
  • Flask (platform)