The LEGION collective calls to action to attack the final of the Eurovision song contest

Pierluigi Paganini May 14, 2022

The Pro-Russian volunteer movement known as LEGION is calling to launch DDoS attacks against the final of the Eurovision song contest.

The LEGION is a Pro-Russian volunteer movement that focuses on DDOS attacks. The group made the headlines for attacks against Western organizations and governments, including NATO countries and Ukraine. This week the Pro-Russian hacker group Killnet and Legion targeted the websites of several Italian institutions, including the senate and the National Institute of Health.

Now the Legion is calling to action to attack the final of the Eurovision Song Contest, which is taking place in Turin, Italy, this year.

In February, the European Broadcasting Union decided to exclude Russia from Eurovision Song Contest 2022 after the invasion of Ukraine.

Now the Legion published on its Telegram channel a call to attack the Eurovision, the collective is inviting its affiliates to launch the attack starting from 22:00 Moscow time. The attack aims at bringing down the official site of the event until tomorrow morning and blocking the voting.

Below the message published on the Telegram Channel.

Order of the Supreme Commander of the Legion.

  • Today at 22:00 Moscow time the Eurovision final will take place. Official site:
  • Task #1: discover the source of online voting for TV viewers from all over the world!
  • Task #2: Task #2 make a DDOS attack on the discovered servers and keep them until 07:00 Moscow time.
  • All squads, start completing tasks.
Eurovision Legion

A second message suggests affiliates download the official app of the event used to vote

Once downloaded the app, it is possible to use a sniffer to find the servers used to receive the votes, then members could launch DDoS attacks against these servers.

Below is other instructions provided by the collective:

Sniffer app on Android! Very comfortable 😍

1).Download the Eurovision app
2). Install the “install certificat” sniffer inside the application.
3). Press play and select an application from the list.
4). Run the Eurovision application and check IPs in the sniffer. Look at the package sizes. If zero, it’s a proxy, fuck it.

At the time of this writing, some members of crew have already discovered the IP addresses to attack and are sharing them online.

Stay tuned …

Update … The show has begun:

The gang aborted its operation

Eurovision Legion 2

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit:  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Eurovision)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment