The LEGION collective calls to action to attack the final of the Eurovision song contest

The Pro-Russian volunteer movement known as LEGION is calling to launch DDoS attacks against the final of the Eurovision song contest.

The LEGION is a Pro-Russian volunteer movement that focuses on DDOS attacks. The group made the headlines for attacks against Western organizations and governments, including NATO countries and Ukraine. This week the Pro-Russian hacker group Killnet and Legion targeted the websites of several Italian institutions, including the senate and the National Institute of Health.

Now the Legion is calling to action to attack the final of the Eurovision Song Contest, which is taking place in Turin, Italy, this year.

In February, the European Broadcasting Union decided to exclude Russia from Eurovision Song Contest 2022 after the invasion of Ukraine.

Now the Legion published on its Telegram channel a call to attack the Eurovision, the collective is inviting its affiliates to launch the attack starting from 22:00 Moscow time. The attack aims at bringing down the official site of the event https://eurovision.tv/ until tomorrow morning and blocking the voting.

Below the message published on the Telegram Channel.

Order of the Supreme Commander of the Legion.

• Today at 22:00 Moscow time the Eurovision final will take place. Official site: https://eurovision.tv/
• Task #1: discover the source of online voting for TV viewers from all over the world!
• Task #2: Task #2 make a DDOS attack on the discovered servers and keep them until 07:00 Moscow time.
• All squads, start completing tasks.

A second message suggests affiliates download the official app of the event used to vote

https://eurovision.tv/app

Once downloaded the app, it is possible to use a sniffer to find the servers used to receive the votes, then members could launch DDoS attacks against these servers.

Below is other instructions provided by the collective:

Sniffer app on Android! Very comfortable 😍
⚡️https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture

1).Download the Eurovision app
https://eurovision.tv/app
2). Install the “install certificat” sniffer inside the application.
3). Press play and select an application from the list.
4). Run the Eurovision application and check IPs in the sniffer. Look at the package sizes. If zero, it’s a proxy, fuck it.

At the time of this writing, some members of crew have already discovered the IP addresses to attack and are sharing them online.

Stay tuned …

Update … The show has begun:

The gang aborted its operation

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Eurovision)

[adrotate banner=”5″]

[adrotate banner=”13″]