Not necessarily. It could be one for loop running on tens of thousands of compromised IoT devices, with the only thing distributed being the command that starts the loops.
What would making a C&C server for a botnet hard? It's not like you need to carefully coordinate all those clients to hit precise timings, you just tell them who to target and let them rip, don't you?
Coordinating a botnet to launch a DDoS is commodity software at this point. You could argue that the engineering that went into the coordination software is good, which may or may not be true, but simply launching a botnet is well within the capabilities of a script kiddie and not something that shows sophistication on the part of the attacker.
saulpw|8 months ago
luckylion|8 months ago
lolinder|8 months ago
jjtheblunt|8 months ago