The Russia-linked group APT-C-53, also known as Gamaredon, has launched a fresh round of DDoS attacks, according to researchers. In addition, the attackers have released the source code for the LOIC DDoS Trojan.
DDoS attacks that have occurred recently
A 360 Qihoo researcher discovered malware samples created in early March, only days after the Russia-Ukraine conflict began.
Experts have seen attackers carry out a variety of operations, including phishing campaigns and malware attacks. They discovered the Gamaredon threat group’s C2 infrastructure.
decree[.]maizuko[.]**, caciques[.]gloritapa[.]**, and jealousy[.]jump[.]artisola.** are among the domains targeted in recent DDoS assaults.
The APT gang hard-coded the IP addresses and ports of its targets in the malware.
More information
Between March 4 and 5, numerous C2 servers distributed an open-source LOIC malware built with .NET.
According to researchers, the spread of the LOIC malware might pave the way for a new wave of DDoS attacks.
Gamaredon’s recent assaults
During the Russian invasion of Ukraine in February, the Gamaredon gang sought to compromise an undisclosed Western government agency working in Ukraine.
In March, Ukrainian security officials warned of continued attempts by InvisiMole, a hacker gang linked to the Gamaredon organisation.
Conclusion
Russia’s invasion of Ukraine has resulted in multiple destructive cyberattacks sponsored by nation-states. The recently discovered DDoS attacks by APT-C-53 are a clear example. Enterprises are therefore advised to stay secure by following advice and instructions from authorities such as CERT-UA.