
Grum Botnet still alive

by Shannon Simpson | Nov 21, 2013

We have been picking up some interesting traffic on the Hut3 Cyber Intelligence Network today, and it is still occurring now. It is a sustained attack from two IP addresses that has so far lasted around 24 hours and is pushing all the sensors off the scale, so to speak: each affected node is registering an average of one attack every two seconds, and the sensors we built to record statistics about attacks have effectively been jammed all day.

Both IPs are associated with the Grum botnet.

This traffic hits seemingly random ports on the honeypots and never performs a full attack (so far it has not uploaded malware or tried to actually compromise the box); it simply opens a connection and then drops it. The two IPs in question have hit four of our honeypots constantly all day. Incidentally, these honeypots are all hosted by the same company, but in different data centres (New York and Amsterdam), which perhaps suggests the attacks are targeted at the hosting company for some reason. The following IPs were detected as the source and were pinpointed to a data centre in the Netherlands (http://www.ecatel.net/Photo.aspx):

1. 94.102.51.229

2. 94.102.51.228
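As an added example, not part of the original post and not the Hut3 sensor code, the following Python script shows how a defender might pick this connect-and-drop pattern out of honeypot connection logs: group events by source address, measure the average gap between connections, count distinct ports and payload bytes, and flag sources that connect rapidly to many ports without ever sending data. The log format, the sensor names (hp-ny-1, hp-ams-1), the timestamps and the 203.0.113.7 control entry are all constructed for the example; the two flagged addresses are the ones reported above. The thresholds (at least five connections, at most two seconds between them on average) are assumptions that mirror the rate described in the post.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not the Hut3 sensor format):
# timestamp sensor src_ip dst_port bytes_received
# Two scanning sources hit assorted ports with no payload; 203.0.113.7 is a
# single ordinary HTTP connection that carried data, included as a control.
SAMPLE_LOG = """\
2013-11-21T09:00:00 hp-ny-1 94.102.51.229 22 0
2013-11-21T09:00:02 hp-ny-1 94.102.51.229 8080 0
2013-11-21T09:00:03 hp-ams-1 94.102.51.229 445 0
2013-11-21T09:00:05 hp-ny-1 94.102.51.229 3306 0
2013-11-21T09:00:06 hp-ams-1 94.102.51.229 5900 0
2013-11-21T09:00:08 hp-ny-1 94.102.51.229 1433 0
2013-11-21T09:00:01 hp-ams-1 94.102.51.228 23 0
2013-11-21T09:00:03 hp-ams-1 94.102.51.228 25 0
2013-11-21T09:00:05 hp-ams-1 94.102.51.228 110 0
2013-11-21T09:00:07 hp-ams-1 94.102.51.228 143 0
2013-11-21T09:00:08 hp-ams-1 94.102.51.228 995 0
2013-11-21T09:00:00 hp-ny-1 203.0.113.7 80 512
"""


def parse_events(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sensor, src, port, nbytes = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "sensor": sensor,
            "src": src,
            "port": int(port),
            "bytes": int(nbytes),
        })
    return events


def summarize_sources(events):
    """Aggregate per-source statistics: volume, port spread, sensors hit,
    payload bytes and the average interval between connections."""
    per_src = defaultdict(list)
    for e in events:
        per_src[e["src"]].append(e)

    summary = {}
    for src, evs in per_src.items():
        evs.sort(key=lambda e: e["ts"])
        span = (evs[-1]["ts"] - evs[0]["ts"]).total_seconds()
        # Average gap between consecutive connections; undefined for a single hit.
        avg_interval = span / (len(evs) - 1) if len(evs) > 1 else None
        summary[src] = {
            "connections": len(evs),
            "distinct_ports": len({e["port"] for e in evs}),
            "sensors": sorted({e["sensor"] for e in evs}),
            "payload_bytes": sum(e["bytes"] for e in evs),
            "avg_interval_s": avg_interval,
        }
    return summary


def flag_connect_and_drop(summary, min_connections=5, max_avg_interval_s=2.0):
    """Return the sources that look like connect-and-drop probing:
    many rapid connections across many ports that never carry a payload.
    Thresholds are assumptions chosen to mirror the rate in the post."""
    flagged = {}
    for src, s in summary.items():
        if (s["connections"] >= min_connections
                and s["distinct_ports"] >= min_connections
                and s["payload_bytes"] == 0
                and s["avg_interval_s"] is not None
                and s["avg_interval_s"] <= max_avg_interval_s):
            flagged[src] = s
    return flagged


if __name__ == "__main__":
    stats = summarize_sources(parse_events(SAMPLE_LOG))
    for src, s in flag_connect_and_drop(stats).items():
        print(f"{src}: {s['connections']} connections to {s['distinct_ports']} ports "
              f"on {', '.join(s['sensors'])}, avg {s['avg_interval_s']:.2f}s apart, "
              f"{s['payload_bytes']} payload bytes")
```

The "sensors" field is what makes the cross-data-centre observation from the post checkable: a source appearing on both the New York and Amsterdam sensors at once is a stronger signal than the same count on one box. The zero-payload condition is what separates this traffic from a real attack attempt, which is the distinction the post draws.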

http://www.fireeye.com/blog/technical/botnet-activities-research/2012/07/killing-the-beast-part-5.html

Hut3 Cyber Intelligence Team