Cyber Attack cyber

X (formerly Twitter)

Jun 23, 2025 1 min read
X (formerly Twitter)

The sophisticated RapperBot botnet campaign targeted digital video recorders (DVRs) worldwide, exploiting vulnerable IoT devices to execute large-scale DDoS attacks. The campaign, a variant of the Mirai malware, compromised DVR systems to gain unauthorized access to surveillance cameras, leading to significant privacy and security issues. The attack on X (formerly Twitter) on March 10, 2025, caused a service disruption, demonstrating the malware's persistence and evolution over three years. The attackers exploited weak default passwords and infrequent firmware updates in DVRs, making them ideal for long-term botnet recruitment. The campaign's reach was amplified by targeting DVRs manufactured by Korean OEM ITX Security, distributed across multiple brands.

Source: https://cybersecuritynews.com/rapperbot-attacking-dvrs/

TPRM report: https://scoringcyber.rankiteo.com/company/twitter

"id": "twi606062325",
"linkid": "twitter",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Security',
                        'location': 'Korea',
                        'name': 'ITX Security',
                        'type': 'OEM'}],
 'attack_vector': 'Compromised DVR systems',
 'description': 'A sophisticated botnet campaign targeting digital video '
                'recorders (DVRs) has emerged as a significant threat to '
                'surveillance infrastructure worldwide, with cybercriminals '
                'exploiting vulnerable IoT devices to build massive botnets '
                'capable of large-scale distributed denial-of-service attacks.',
 'impact': {'systems_affected': 'DVR systems'},
 'initial_access_broker': {'entry_point': 'Weak default passwords, infrequent '
                                          'firmware updates',
                           'high_value_targets': 'DVRs manufactured by ITX '
                                                 'Security',
                           'reconnaissance_period': 'Continuous refinement '
                                                    'over three years'},
 'motivation': 'Building botnets for DDoS attacks',
 'post_incident_analysis': {'root_causes': 'Weak default passwords, infrequent '
                                           'firmware updates'},
 'references': [{'source': 'NICTER analysts'}],
 'threat_actor': 'RapperBot operators',
 'title': 'RapperBot Botnet Campaign Targeting DVRs',
 'type': 'Botnet',
 'vulnerability_exploited': 'Weak default passwords, infrequent firmware '
                            'updates'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.