Researchers have spotted a new wave of DDoS attacks launched by the Russia-linked APT-C-53 aka Gamaredon. Further, the attackers have open-sourced the code of a DDoS Trojan called LOIC.
Recent DDoS attacks
A researcher from 360 Qihoo spotted malware instances compiled in early March, a few days after the start of the Russia-Ukraine war.
Experts observed attackers launch multiple attacks, such as phishing campaigns and malware attacks. They located the C2 infrastructure used by the Gamaredon threat group.
Some of the domains involved in the recent DDoS attacks include decree[.]maizuko[.]**, caciques[.]gloritapa[.]**, and jealousy[.]jump[.]artisola.**.
The malicious code propagated by the APT group included hard-coded IP addresses and ports of the targets.
More insights
Further, multiple C2 servers propagated an open-source LOIC trojan compiled with .NET between March 4 and 5.
Researchers claim that the distribution of the LOIC trojan could be preparation for a new round of DDoS attacks.
Recent attacks by Gamaredon
In February, the Gamaredon group attempted to compromise an unnamed Western government entity operating in Ukraine amidst the Russian invasion.
In March, security officials from Ukraine warned of ongoing attacks by InvisiMole, a hacking group with ties to the Gamaredon group.
Conclusion
The Russian invasion of Ukraine has brought multiple devastating cyberattacks sponsored by nation-states. The recently observed DDoS attacks by APT-C-53 are a prime example. Organizations are advised to stay protected and follow agencies such as CERT-UA for recommendations and guidelines.