
DDoS attacks in the Russian Federation impacted 250 thousand people

The power of DDoS attacks to which Russian companies are exposed has almost quadrupled in a week, according to Rostelecom-Solar.

Experts associate the explosive growth with the activities of so-called hacktivists. Since February 24, dozens of chats and channels have appeared in Telegram that distribute instructions for organizing DDoS attacks.

With their help, any user can become a participant in a cyber incident. Experts strongly recommend against doing this, since using such malware carries the risk of having one's own computer hacked, as well as criminal liability.

Gazeta.Ru, Izvestia, RBC, and other sites were taken offline.

Information security experts note an increase not only in the number of attacks, but also in their power. Rostelecom-Solar said that before the start of the special operation in Ukraine, peak DDoS attack power in Russia averaged 200 Gbps. In recent days, this figure has increased to 750 Gbps. The difference is almost fourfold.

Egor Valov, head of WAF and Anti-DDoS at Rostelecom-Solar, believes that the reason for the jump is the mobilization of so-called hacktivists, groups of people who distribute instructions and tools for organizing DDoS attacks and also draw sympathetic Internet users into this activity.

“In this case, we are talking about ‘hacktivists’, since the level of attackers is relatively low. They use the most accessible tools and expect to take it by numbers, not by skill,” Valov said.

The growth in attack power and the volume of devices involved in them was also confirmed by R-Vision.  They also tend to associate this trend with the geopolitical situation in the world.

“Hacktivists” coordinate their activities mainly in Telegram channels and chats.  As a rule, specific individuals stand behind such groups.  One of them, according to T.Hunter, is Alexander Litreev, a programmer living in the Baltics.  On February 27, he published in his Telegram channel a link to the Cyber-Hedgehog web service, which automatically connected user devices to DDoS attacks.  This link is currently disabled.

T.Hunter specialists also singled out CyberSec’s, the Telegram channel of hacker Vladislav Horokhorin. On February 26, it published instructions for setting up users' computers for DDoS attacks and a call to direct efforts at destabilizing the operation of Russian resources such as Gosuslugi, the websites of the Prosecutor General’s Office of the Russian Federation, the Accounts Chamber of the Russian Federation, and more. At the same time, Horokhorin threatened to organize cyber attacks that could lead to human casualties in Russia.

T.Hunter specialists also discovered several Ukrainian-language resources in Telegram dedicated exclusively to DDoS attacks in Russia.  The largest channel has over 65,000 subscribers.  The largest chat has about 25 thousand participants.  According to Igor Bederov, head of the information and analytical research department at T.Hunter.

According to Maxim Strupinsky, an information security consultant at the R-Vision Center of Expertise, the above groups are far from the largest.

While monitoring social networks, he and his colleagues repeatedly encountered groups with an audience of more than 250,000 subscribers. According to Strupinsky, they distributed software for generating harmful load, as well as instructions for launching it.

“Further, in order to obtain maximum efficiency from such an attack, coordination work is underway with a reflection of the start time and target,” the expert said.

In turn, Vladimir Makarov, Chief Audit Specialist of the T.Hunter Information Security Department, added that one of the most popular DDoS programs among hacktivists is LOIC.  This information is also confirmed by the fact that screenshots with the settings of this software are very often exchanged by participants in the mentioned Ukrainian-language chats.

To automate and synchronize the work of the botnet, those involved in this activity must connect to the network and grant the right to send requests on their behalf.

“As a rule, special software installed on their [participants’] devices is used for such a connection, and, of course, there are no guarantees that this malware will not be used against the so-called ‘volunteers’ themselves,” said Egor Valov from Rostelecom-Solar, but it is usually not.

About Post Author

Treadstone 71

@Treadstone71LLC Cyber intelligence, counterintelligence, Influence Operations, Cyber Operations, OSINT, Clandestine Cyber HUMINT, cyber intel and OSINT training and analysis, cyber psyops, strategic intelligence, Open-Source Intelligence collection, analytic writing, structured analytic techniques, Target Adversary Research, cyber counterintelligence, strategic intelligence analysis, estimative intelligence, forecasting intelligence, warning intelligence, threat intelligence