{"id":222983,"date":"2026-05-31T03:30:08","date_gmt":"2026-05-31T07:30:08","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/31\/glassworm-botnet-disrupted-after-resilient-c2-infrastructure-takedown\/"},"modified":"2026-05-31T03:30:11","modified_gmt":"2026-05-31T07:30:11","slug":"glassworm-botnet-disrupted-after-resilient-c2-infrastructure-takedown","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/31\/glassworm-botnet-disrupted-after-resilient-c2-infrastructure-takedown\/","title":{"rendered":"Glassworm botnet disrupted after resilient C2 infrastructure takedown"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/glassworm-botnet-disrupted-after-resilient-c2-infrastructure-takedown\/\">Glassworm botnet disrupted after resilient C2 infrastructure takedown<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/glassworm-botnet-disrupted-after-resilient-c2-infrastructure-takedown\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/glassworm-botnet-disrupted-after-resilient-c2-infrastructure-takedown\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-27 09:28:42<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p>The Glassworm botnet, which targeted software developers through supply-chain attacks, has been significantly disrupted after a joint initiative by CrowdStrike, Google, and The Shadowserver Foundation dismantled its resilient command-and-control infrastructure. By targeting four distinct communication channels, including Solana blockchain transactions and the BitTorrent Distributed Hash Table (DHT) network, the operation successfully severed the botnet&#8217;s ability to distribute malicious software, including extensions designed to steal cryptocurrency and developer credentials. Despite its use of unconventional, resilient channels like blockchain and a public calendar service for Google Calendar event titles to store C2 paths, the botnet&#8217;s disruption required simultaneous cessation of access to all four channels. As a result, machines previously compromised can no longer receive instructions from the botnet and are now flagged for remediation efforts by organizations. Researchers have provided YARA rules to aid in identifying infected systems.<\/p>\n<p>Key Points:<\/p>\n<p>&#8211; Disruption of the Glassworm botnet facilitated by CrowdStrike, Google, and The Shadowserver Foundation.<br \/>\n&#8211; Targeting multiple resilient C2 channels, including blockchain and BitTorrent DHT networks.<br \/>\n&#8211; Attack strategies extended through malicious software extensions, GitHub repositories, and npm packages.<br \/>\n&#8211; All infected machines now beacon to a known CrowdStrike IP for immediate remediation.<br \/>\n&#8211; YARA rules provided for detecting Glassworm infections on suspected systems.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Glassworm botnet disrupted after resilient C2 infrastructure takedown https:\/\/www.bleepingcomputer.com\/news\/security\/glassworm-botnet-disrupted-after-resilient-c2-infrastructure-takedown\/ Publish Date: 2026-05-27 09:28:42 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":222984,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2026\/03\/17\/glassworm.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-222983","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222983"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=222983"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222983\/revisions"}],"predecessor-version":[{"id":222985,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222983\/revisions\/222985"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/222984"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=222983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=222983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=222983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}