6 January, 2023
Microsoft security researchers discovered a cross-platform botnet that was used to launch distributed denial-of-service (DDoS) attacks against private Minecraft Java servers. The Microsoft Defender for IoT research group examined the botnet, which originates from malicious software downloaded to Windows devices and is capable of spreading to a variety of Linux-based devices.
In a blog post, the Microsoft Security Threat Intelligence team shared information about how the botnet affects multiple platforms and about its DDoS capabilities, along with recommendations to keep devices from becoming part of a botnet.
The activity is being tracked as DEV-1028. This cross-platform botnet infects Windows, Linux, and IoT devices. Its unique spreading mechanism makes it a threat. While the malware can be removed from the infected source PC, it could remain on unmanaged IoT devices and continue to operate as part of the botnet.
Researchers at Microsoft claim that the botnet's initial infection points were devices infected by malicious cracking tools. These tools purport to obtain illegal Windows licenses. Researchers also discovered that the malware was hardcoded to attack Minecraft server version 1.12.2. This attack can affect all versions of Minecraft between 1.7.2 and 1.18.2.
Microsoft stated that organizations must implement basic security measures to protect identities and devices from threats like MCCrash:
- Avoid downloading cracking software, as it can be used to spread malware.
- Use Microsoft Defender for IoT as a comprehensive IoT security system. This will allow visibility and monitoring of all IoT and OT devices, threat detection and response, and integration with SIEM/SOAR and XDR platforms, such as Microsoft Sentinel or Microsoft 365 Defender.
- Users who host private Minecraft servers should upgrade to version 1.19.1 or higher.