Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers
Essential information
- Published: 11/05/2026 08:55
- Modified: 11/05/2026 09:56
- Tags: 2026-05-11 bot_x64 ddos botnet game servers honeypot analysis jenkins exploitation opportunistic attacks scripttext abuse source engine vietnam infrastructure win_sys.exe
- Related entities: 1 vulnerabilities (cve), 8 observables, 18 techniques (mitre), 2 malware, 1 others
Description
Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.
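
A defender-side check for the scriptText abuse described above, as an added example that is not part of the original report: it scans access logs for POSTs to the Jenkins script console (`/script`, `/scriptText`) and counts earlier login POSTs from the same source. The reverse-proxy Combined Log Format, the `allowed_ips` parameter and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format, as written by a reverse proxy in front of Jenkins (assumption).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
CONSOLE_RE = re.compile(r'/script(Text)?/?$')        # Jenkins script console endpoints
LOGIN_RE = re.compile(r'/j_spring_security_check$')  # Jenkins form-login endpoint

def find_script_console_abuse(lines, allowed_ips=frozenset()):
    """Return one finding per script-console POST from a non-allowlisted source."""
    logins = defaultdict(int)  # login POSTs seen so far, per source IP
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = urlsplit(m["target"]).path  # drop any query string before matching
        if LOGIN_RE.search(path):
            logins[m["ip"]] += 1
        elif CONSOLE_RE.search(path) and m["ip"] not in allowed_ips:
            status = int(m["status"])
            findings.append({
                "ip": m["ip"], "user": m["user"], "time": m["ts"], "path": path,
                "status": status,
                "executed": status == 200,  # 200: the console accepted the submitted Groovy
                "prior_logins": logins[m["ip"]],
            })
    return findings

# Constructed sample log lines (documentation IP ranges, not taken from the report).
SAMPLE = [
    '198.51.100.23 - - [01/Jan/2026:07:01:10 +0000] "POST /j_spring_security_check HTTP/1.1" 302 0 "-" "curl/8.5.0"',
    '198.51.100.23 - - [01/Jan/2026:07:01:11 +0000] "POST /j_spring_security_check HTTP/1.1" 302 0 "-" "curl/8.5.0"',
    '198.51.100.23 - admin [01/Jan/2026:07:01:15 +0000] "POST /scriptText HTTP/1.1" 200 87 "-" "curl/8.5.0"',
    '203.0.113.9 - - [01/Jan/2026:07:05:00 +0000] "POST /scriptText HTTP/1.1" 403 612 "-" "python-requests/2.31"',
    '192.0.2.10 - ops [01/Jan/2026:07:09:00 +0000] "POST /manage/script HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
    '192.0.2.10 - ops [01/Jan/2026:07:09:30 +0000] "GET /job/build/ HTTP/1.1" 200 5000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_script_console_abuse(SAMPLE, allowed_ips={"192.0.2.10"}):
        print(finding)
```

A finding with `executed` true and a non-zero `prior_logins` count from a source outside the allowlist matches the weak-password-then-script pattern the honeypot recorded and warrants review of what the host ran afterwards.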