Researchers have spotted a new wave of DDoS attacks launched by the Russia-linked APT-C-53 aka Gamaredon. Further, the attackers have open-sourced the code of a DDoS Trojan called LOIC.

Recent DDoS attacks

A researcher from 360 Qihoo spotted malware instances compiled in early March, a few days after the Russia-Ukraine war began.
  • Experts observed attackers launch multiple attacks, such as phishing campaigns and malware attacks. They located the C2 infrastructure used by the Gamaredon threat group.
  • Some of the domains involved in the recent DDoS attacks include decree[.]maizuko[.]**, caciques[.]gloritapa[.]**, and jealousy[.]jump[.]artisola.**.
  • The malicious code propagated by the APT group included hard-coded IP addresses and ports of the targets.

More insights

  • Further, multiple C2 servers propagated an open-source LOIC trojan compiled with .NET between March 4 and 5.
  • Researchers claim that the distribution of the LOIC trojan could set the stage for a new round of DDoS attacks.

Recent attacks by Gamaredon 

  • In February, the Gamaredon group attempted to compromise an unnamed Western government entity operating in Ukraine amidst the Russian invasion.
  • In March, security officials from Ukraine warned against ongoing attacks by InvisiMole, a hacking group with ties to the Gamaredon group.


The Russian invasion of Ukraine has brought multiple devastating cyberattacks sponsored by nation-states. The recently observed DDoS attacks by APT-C-53 are a prime example. Organizations are advised to stay protected and to follow agencies such as CERT-UA for recommendations and guidelines.
Cyware Publisher