DDoS attacks on game servers by RapperBot.
N2K logoNov 17, 2022

Game servers have been the target of activity by RapperBot, FortiGuard Labs researchers report.

DDoS attacks on game servers by RapperBot.

Distributed Denial of Service (DDoS) attacks have been detected in game servers, Fortinet reports. FortiGuard Labs researchers say the activity is the work of RapperBot, seen in campaigns earlier this year.

RapperBot’s methodology.

FortiGuard Labs researchers used RapperBot’s unique bot ID to communicate with its Command-and-Control (C2) server, and discovered differences between this campaign and previous RapperBot campaigns. This campaign is different than previous RapperBot campaigns, as Fortinet reports that this adds “DoS attacks against the GRE protocol (likely reusing the Mirai source code) and the UDP protocol used by the Grand Theft Auto: San Andreas Multi Player (SA:MP) mod.” The earliest samples found for the campaign were in December 2021, with the SA:MP attack not added until February of 2022, and the whole campaign disappeared in April, resurfacing in October 2022.

RapperBot's criminal connections.

Bleeping Computer reports that Fortinet believes that all RapperBot campaigns are done by the same threat actors, with newer variants sharing a source code. Reportedly, the C2 communication protocol is the same, credentials used have been the same since August 2021, and there are no signs of campaign overlaps.