In October 2023, the 7777-Botnet was first discussed in a writeup titled, The Curious Case of the 7777-Botnet. The author, supported by other researchers, describes a ~10,000 node botnet that’s purpose is to brute-force Microsoft Azure user credentials.
It employs targeted, low-volume methods that are so effective that they were only discovered due to a geolocation login anomaly. The botnet’s targets include VIP users from organizations within the United States and Europe. Additionally, the writeup details loose links to the well-known threat actors Scattered Spider and Lazarus, based on reports from CrowdStrike and ReversingLabs respectively. The botnet, which has a fairly-distinct signature, remains active.