Cybercriminals are taking advantage of growing geopolitical tensions. Whatever crisis the world is facing at a given time, threat actors are ready to exploit it, and right now they are launching DDoS attacks against a variety of targets.

Diving into details

  • A threat actor used DanaBot to attack the webmail server belonging to the Ukrainian Ministry of Defense.
  • The malware was used to deploy a second-stage payload. The perpetrators remain unknown.
  • DanaBot is usually distributed to commit banking fraud and steal credentials.
  • The DDoS attack was launched through the malware’s download-and-execute commands. The downloaded DDoS executable was written in Delphi, as is DanaBot itself.
  • The White House attributed the attacks to the Russian GRU and believes they may have laid the groundwork for more disruptive attacks on Ukraine.

Avast also found

Campaigns on social media are encouraging ordinary people to become hackers by downloading DDoS tools and attacking Russian targets.
  • One of the tools promoted for this purpose is itself unsafe: it collects personal information, including the user’s IP address, country code, location, system language, hardware configuration, and user name.
  • Its configuration is downloaded from a remote server, so the tool can be pointed at any target the server operator chooses.
  • For instance, around 900 Ukrainian users installed the disBalancer program to launch DDoS attacks on Russian websites. The program registers the user, and once an attack is launched, that registration proceeds without the user’s knowledge.

What else?

  • Threat actors are leveraging the Log4Shell flaw to launch DDoS and cryptomining attacks. Malware families exploiting the vulnerability include variants of Mirai, BillGates, Kinsing, XMRig, and Muhstik.
  • The Russian government shared a list of 17,576 IP addresses reportedly used to conduct DDoS attacks against Russian organizations and networks.

The bottom line

The tide of DDoS attacks is sweeping the world. Launching DDoS attacks is illegal, and experts discourage users from taking part in them. Downloading tools to perform such attacks also puts the users themselves at risk of losing personally identifiable information. The counterproductive collateral damage may have severe consequences, especially for users who do not understand what they are doing.

Cyware Publisher