CIO News Hubb

A botnet created to facilitate DDoS attacks

by admin
January 16, 2023
in Information Security


The hacker group targets a wide range of organizations, including courts, banks, educational institutions, government agencies, and transport services.

The DDosia project is a successor of the Bobik botnet, which is linked to the pro-Russian hacker group NoName057(16), as revealed in a recent analysis by Avast researcher Martin Chlumecky. The group directs DDoS attacks at private and public organizations in Ukraine, Poland, Latvia, Lithuania, Czechia, and other European countries.

“Right from the beginning of the Ukraine war, we saw an increase in DDoS activity via the Bobik malware, so infected victims did not know their computer was making DDoS attacks. However, NoName057(16) has changed their philosophy and publicly calls on social media for people to engage as hacktivists and download the DDosia tool to take down sites with anti-Russian and Russophobic content,” Chlumecky says.

The latest analysis of the DDosia project, conducted between August 1 and November 30, 2022, revealed that the hacker group set up the DDosia project as a backup plan in case the Bobik command-and-control (“C&C”) server was taken down. The Bobik botnet server was indeed taken down at the beginning of September.

The research also revealed that the hacker group targets a wide range of organizations, including courts, banks, educational institutions, government agencies, and transport services. In total, Avast observed roughly 1,400 DDoS attack attempts by DDosia project members, with 190 of them being successful, giving the group a success rate of approximately 13%.

The success rate of attacks increased in November, likely due to targeting multiple sub-domains belonging to the same primary domain. For example, the hackers targeted subdomains belonging to the .gov.pl domain, most of which run on the same platform, increasing their chances of taking down selected servers.

Telegram being used as a malicious platform

NoName057(16) also has a dedicated, private Telegram channel with about 1,300 followers, whom they refer to as “heroes”. These “heroes” can link a crypto wallet and earn up to 80,000 Russian rubles (~$1,200 USD) in cryptocurrencies for the successful DDoS attacks they carry out.

“Without great technical knowledge, members of the DDosia group can earn up to 80,000 Russian rubles (about 1,200 USD) in cryptocurrencies for successful DDoS attacks,” Chlumecky says. “Thus, the motivation moves from political to financial aspects. The hacker group NoName057(16) uses this financial incentive to increase its success rate and thus make a name for itself in the hacker community – political motivation may play only a subordinate role for many, both at the level of the project heads and among the participating users.”

It should be noted that the communication between hackers and “heroes” is unencrypted and unauthenticated, allowing anyone to manipulate their performance statistics. Avast also detected a handful of users attempting to download the DDosia executable, but noticed Avast users across Russia as well as users in Canada and Germany adding the program to Avast AV’s exceptions list.

“While it may be tempting for many people to join these cyber groups to boost their finances, it is still a cyberattack with all the consequences – including legal consequences,” Chlumecky says. “That should be clear to everyone.”


Want to know more about the DDosia project? We’ve taken an in-depth look at it on Decoded.



© 2022 CIO News Hubb All rights reserved.
