Russian Cybercriminals Launch New 'Passion' Attack Platform

Pro-Russian hackers are using a new DDoS-as-a-Service (DDoSaaS) platform, named Passion, to target medical institutions in the U.S., Portugal, Spain, Germany, Poland, Finland, Norway, the Netherlands, and the U.K.

What to know about Passion

Passion operators first advertised their service at the beginning of this year, performing several defacements of websites belonging to Japanese and South African organizations.
  • The service is provided on a subscription basis, allowing customers to select their desired attack vectors, duration, and intensity.
  • The operators accept payments through Bitcoin, Tether, and the Russian payment service QIWI.
  • They use the Dstat.cc measurement service to showcase their attack capabilities, strength, and efficiency to potential customers.

Other details

  • Passion operators have listed 10 attack methods, including HTTP Raw, Cryptocurrency, UAM Browser, HTTPS Mix, Browser, Bypass, DNS l4, Mixamp l4, OVH-TCP l4, and TCP-Kill l4.
  • They offer Layer 4 and Layer 7 attack capabilities, along with effectiveness against DDoS mitigation providers such as Cloudflare and Google Shield and protection services from Amazon, DigitalOcean, Microsoft, OVH, and Vultr.

Possible Russian ties

  • Passion’s TTPs resemble those of other pro-Russian groups involved in the Russo-Ukrainian conflict, such as KillNet, MIRAI, Venom, and Anonymous Russia.
  • After conducting a DDoS attack, it typically posts a link to a check-host[.]net page as evidence of its success, a common trait among several Russian attackers.
  • The group targeted Z-CERT, an emergency response team for the healthcare sector in the Netherlands, after it warned that the KillNet group was targeting European hospitals. This indicates that the interests of the Passion group are in line with those of KillNet.

Driving the campaign

  • Passion has a strong online presence through its Telegram channels with over 200 members, some dating back to March 2022. The group is attempting to create a community of patriotic hackers while promoting its DDoS services for financial gain.
  • It has both an informative channel and a chat channel, where it updates its followers on current campaigns. Such social communities can seriously threaten organizations due to their ability to adapt, work together, and share resources.

The bottom line

The emergence of Passion further complicates an already rich DDoS ecosystem, creating more difficulties for organizations directly and indirectly involved in the Russo-Ukrainian war. Organizations are advised to use effective DDoS protection and web application security solutions to mitigate such threats.
Cyware Publisher