Radware’s threat intelligence team has released a threat advisory about the Passion Botnet, a DDoS-as-a-Service the Passion Group is offering to pro-Russian hacktivists.
Killnet used the Passion Botnet earlier this week during an attack targeting medical institutions in the USA, Portugal, Spain, Germany, Poland, Finland, Norway, the Netherlands, and the UK.
The attack was retaliation against these nations for sending tanks in support of Ukraine.
“The network between Killnet, Anonymous Russia and their affiliates is substantial enough to pose a moderate risk to public and private infrastructure,” says Pascal Geenens, Threat Intelligence Director, Radware.
“While Killnet and its affiliates do not have a track record of inflicting operational impact, the group has had time to gather experience, build tools, gain support, and increase its circle of influence with other pro-Russian groups.
“Consequently, a threat from Killnet to explore more impacting campaigns should not be ignored or the cause of alarm but treated with caution.”
It is still unknown where the Passion Group came from, but it has made its presence known, especially since the beginning of 2023.
The group recently began offering DDoS-as-a-Service to pro-Russian hacktivists for just $30 for one week of service, up to $1,440 for a whole year of prepaid service.
Additional hacktivist groups, including Anonymous Russia, MIRAI, Venom and Killnet, have also promoted Passion.
Radware notes there are three specific reasons that make this situation concerning.
Firstly, in response to Killnet, a range of pro-Russian threat groups, such as Anonymous Russia and the Passion Group, launched DDoS attacks in support of the operation.
Secondly, the Passion Botnet provides subscribers with ten attack vectors. These include application layer encrypted web attacks, L4 attacks, DNS attacks and UDP/TCP floods. Providing this range of attack options means the Passion Group is allowing its subscribers to customise their attack and increase the chance of a successful takedown.
Lastly, hacktivist and defacement attacks can pose serious risks to the organisations they target. Companies therefore need a proactive approach, putting measures in place that give complete visibility into their hybrid infrastructure so they can detect breaches and defacements and assess their impact.
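To make the defensive side of this concrete, here is an added example (not code from Radware, the advisory or any of the groups named) of the kind of rate-based check that visibility into traffic makes possible. It classifies constructed flow records into the vector families the advisory lists (UDP floods, TCP SYN floods, DNS floods and encrypted application-layer traffic on port 443) and raises an alert when the per-second packet rate towards one destination from a given family exceeds a threshold. The record layout, the thresholds and the sample traffic are assumptions made for the example.

```python
"""Added example: per-destination, per-vector rate detector over
constructed flow records. Not Radware's code; thresholds are assumed."""
from collections import defaultdict
from typing import NamedTuple, Optional, List, Dict


class Flow(NamedTuple):
    second: int   # seconds since capture start (assumed record layout)
    proto: str    # "TCP" or "UDP"
    src: str
    dst: str
    dport: int
    flags: str    # TCP flag letters, e.g. "S" or "PA"; "" for UDP


# Assumed per-second thresholds per destination for each vector family.
THRESHOLDS = {
    "dns_flood": 20,
    "udp_flood": 25,
    "tcp_syn_flood": 30,
    "https_app_layer": 50,
}


def classify(f: Flow) -> Optional[str]:
    """Map one flow record onto a vector family named in the advisory."""
    if f.dport == 53:
        return "dns_flood"            # DNS over UDP or TCP
    if f.proto == "UDP":
        return "udp_flood"            # any other UDP datagram
    if f.proto == "TCP" and f.flags == "S":
        return "tcp_syn_flood"        # bare SYN, no handshake completed
    if f.proto == "TCP" and f.dport == 443 and "P" in f.flags:
        return "https_app_layer"      # data carried on an encrypted session
    return None                       # not a family we track here


def detect(flows: List[Flow], thresholds: Dict[str, int] = THRESHOLDS) -> List[dict]:
    """Return one alert per (dst, vector, second) whose rate exceeds the threshold."""
    counts = defaultdict(int)   # (dst, vector, second) -> packets seen
    sources = defaultdict(set)  # (dst, vector) -> distinct source addresses
    for f in flows:
        vector = classify(f)
        if vector is None:
            continue
        counts[(f.dst, vector, f.second)] += 1
        sources[(f.dst, vector)].add(f.src)
    alerts = []
    for (dst, vector, sec), n in sorted(counts.items()):
        if n > thresholds[vector]:
            alerts.append({
                "dst": dst, "vector": vector, "second": sec,
                "rate": n, "sources": len(sources[(dst, vector)]),
            })
    return alerts


def constructed_sample() -> List[Flow]:
    """Constructed traffic (documentation-range addresses), not a real capture."""
    flows = []
    # 40 UDP datagrams from 40 distinct sources in second 0: a UDP flood.
    for i in range(40):
        flows.append(Flow(0, "UDP", f"198.51.100.{i + 1}", "203.0.113.10", 8080, ""))
    # 25 DNS queries from only 5 sources in second 1: above the DNS threshold.
    for i in range(25):
        flows.append(Flow(1, "UDP", f"198.51.100.{i % 5 + 1}", "203.0.113.53", 53, ""))
    # 10 completed HTTPS exchanges in second 1: benign, below threshold.
    for i in range(10):
        flows.append(Flow(1, "TCP", f"192.0.2.{i + 1}", "203.0.113.10", 443, "PA"))
    # 31 half-open SYNs from 31 sources in second 2: a SYN flood.
    for i in range(31):
        flows.append(Flow(2, "TCP", f"198.51.100.{i + 100}", "203.0.113.10", 443, "S"))
    return flows


if __name__ == "__main__":
    for alert in detect(constructed_sample()):
        print(alert)
```

The distinct-source count alongside the rate is what separates a botnet-driven flood from a single misbehaving client, and it is the figure worth feeding into any upstream mitigation decision; the thresholds themselves would be tuned to a site's baseline rather than fixed as here.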
This threat advisory comes after Radware issued one about a for-profit threat group from China known as the 8220 Gang, which emerged in the new year targeting public cloud environments.
Also known as 8220 Mining Group, the gang carries out its attacks using a custom-built crypto miner and IRC bot, also targeting poorly secured applications.
The 8220 Gang uses various strategies to hide its activities and evade detection.
However, the group’s skills are not perfect, and Radware caught it attempting to infect one of its Redis honeypots.
The 2022 Radware Threat Report notes that Redis was the fourth most scanned and exploited TCP port in Radware’s Global Deception Network last year, up from the 10th position in 2021.