Team DDOS

Also known asteam_ddos

Team DDOS is a white-hat security research team known from Pwn2Own Ireland 2025 for demonstrating multiple QNAP vulnerabilities. The provided content identifies Team DDOS as having chained multiple bugs in QNAP routers and NAS devices to gain root access, earning a $100,000 reward. Specifically, Team DDOS demonstrated CVE-2025-62840 and CVE-2025-62842 affecting HBS 3 Hybrid Backup Sync, and also demonstrated a separate chain of four SD-WAN router vulnerabilities, CVE-2025-62843 through CVE-2025-62846, affecting QNAP QHora devices. The described impacts of the demonstrated issues included unauthorized access to sensitive information, path traversal, SQL injection-based command execution, privilege escalation, unexpected system behavior, and full device compromise up to root access. Team DDOS is mentioned alongside other Pwn2Own 2025 research teams including Summoning Team, DEVCORE, and CyCraft. The content characterizes Team DDOS as a research team participating in coordinated vulnerability disclosure through the Pwn2Own competition; there is no information in the provided content indicating malicious operations, victimology, sub-groups, or nation-state affiliation.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

MITRE ATT&CK

Tradecraft

5 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

6 of 15 tactics8 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0001

Initial Access

2 techniques

T1078

Valid Accounts

T1190

Exploit Public-Facing Application

TA0002

Execution

1 technique

T1203

Exploitation for Client Execution

TA0003

Persistence

1 technique

T1078

Valid Accounts

TA0004

Privilege Escalation

2 techniques

T1068

Exploitation for Privilege Escalation

T1078

Valid Accounts

TA0005

Stealth

1 technique

T1078

Valid Accounts

TA0009

Collection

1 technique

T1005

Data from Local System

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

security affairsNews

Mar 23, 2026

QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025

Security research team that demonstrated a chained exploit against QNAP devices at Pwn2Own Ireland 2025 to gain root access.

socradar blogNews

Nov 10, 2025

Severe QNAP NAS Zero-Day Flaws Patched After Pwn2Own 2025: What You Should Know

Security research team that discovered and demonstrated zero-day vulnerabilities in QNAP NAS devices during Pwn2Own Ireland 2025.

securityaffairsNews

Nov 10, 2025

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

Participated in Pwn2Own 2025, demonstrating zero-day vulnerabilities in QNAP products as part of a white-hat hacking competition.

bleeping computerNews

Nov 7, 2025

QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own

Participated in Pwn2Own Ireland 2025, demonstrating zero-day vulnerabilities in QNAP NAS devices.

+1 more in the timeline

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping5

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.