The hacker group targets a wide range of organizations, including courts, banks, educational institutions, government agencies, and transport companies.
The DDosia project is a successor of the Bobik botnet linked to the pro-Russian hacker group known as NoName057(16), as revealed in a recent analysis by Avast researcher Martin Chlumecky. The group directs DDoS attacks at private and public organizations in Ukraine, Poland, Latvia, Lithuania, Czechia, and other European countries.
“Right from the start of the Ukraine war, we saw a rise in DDoS activity by way of the Bobik malware, so infected victims didn’t know their computer was making DDoS attacks. However, NoName057(16) has changed their philosophy and publicly calls on social media for people to engage as hacktivists and download the DDosia tool to take down websites with anti-Russian and Russophobic content,” Chlumecky says.
The most recent analysis of the DDosia project, carried out between August 1 and November 30, 2022, revealed that the hacker group set up the DDosia project as a backup plan in case the Bobik command and control (“C&C”) server is taken down. The Bobik botnet server was indeed taken down at the start of September.
The analysis also revealed that the hacker group targets a wide range of organizations, including courts, banks, educational institutions, government agencies, and transport companies. In total, Avast observed roughly 1,400 DDoS attack attempts by DDosia project members, with 190 of them being successful, giving the group a success rate of roughly 13%.
The success rate of attacks increased in November, likely due to targeting multiple subdomains belonging to the same main domain. For example, the hackers targeted subdomains belonging to the .gov.pl domain, most of which run on the same platform, increasing their chances of taking down selected servers.
Telegram being used as a malicious platform
NoName057(16) also has a dedicated, private Telegram channel with about 1,300 followers, whom they refer to as “heroes”. These “heroes” can link a crypto wallet and earn up to 80,000 Russian rubles (~$1,200 USD) in cryptocurrencies for the successful DDoS attacks they carry out.
“Without great technical knowledge, members of the DDosia group can earn up to 80,000 Russian rubles (about 1,200 USD) in cryptocurrencies for successful DDoS attacks,” Chlumecky says. “Thus, the motivation moves from political to financial gains. The hacker group NoName057(16) uses this financial incentive to increase its success rate and thus make a name for itself within the hacker group – political motivation may play only a subordinate role for many, both at the level of the project heads and among the participating users.”
It should be noted that the communication between hackers and “heroes” is unencrypted and unauthenticated, allowing anyone to manipulate their performance statistics. Avast also detected a handful of users attempting to download the DDosia executable, but noticed Avast users across Russia as well as users in Canada and Germany adding the program to Avast AV’s exceptions list.
“While it may be tempting for many people to join these cyber groups to boost their finances, it’s still a cyberattack with all the implications – including legal penalties,” Chlumecky says. “That should be clear to everyone.”
Want to know more about the DDosia project? We’ve taken an in-depth look at it on Decoded.