Cyber warfare

Russia-linked Fronton botnet could run disinformation campaigns

Researchers warn that the Fronton botnet was used by Russia-linked threat actors for coordinated disinformation campaigns.

Fronton is a distributed denial-of-service (DDoS) botnet that was used by Russia-linked threat actors for coordinated disinformation campaigns.

In March 2020, the collective of hacktivists called “Digital Revolutionclaimed to have hacked a subcontractor to the Russian FSB. The group released sensitive documents and contracts about an IoT botnet, codename Fronton, built by the contractor 0day Technologies. The botnet was developed to conduct DDoS attacks, but further analysis revealed that it could be used to coordinate large-scale disinformation campaigns, mimiking the behavior of a large audience online.

“Nisos research focused on the distribution of the numerous content types. This release noted that DDoS “is only one of the many capabilities of the system.” Nisos analyzed the data and determined that Fronton is a system developed for coordinated inauthentic behavior on a massive scale.” reads the analysis published by the security firm NISOS.

The botnet provides a web-based dashboard known as SANA that allows operators to spread trending social media events, called ‘newsbreaks,’ en masse. SANA allows operators to create and manage fake social media persona accounts.

“Two example lists of posting source dictionaries were included in the data. One, involving comments around a squirrel statue in Almaty, Kazakhstan may have affected the reporting on a BBC story. As of April 2022, 0day technologies has changed its domain from 0day[.]ru to 0day[.]llc. An instance of the SANA system appears to be up at https://sana.0day[.]llc . Nisos assessed that this is possibly a testing or demo instance, and is not currently used by the FSB.” continues the report.

The botnet was developed to interact with multiple social media platforms, including Blog Sites, Media Sites, Forums (various engines), Sites (various engines). The Behavior Model creation process allows an operator to specify the times for each activity.

An additional investigation linked the Russian hacker Pavel SITNIKOV (aka FlatL1ne) to the 0day Technologies. Pavel Sitnikov, a prominent figure in the hacking underground, was arrested in May 2021 by Russian authorities on charges of distributing malware via his Freedom F0x Telegram channel.

The Russian hacker is a member of multiple underground hacking communities where he offered for sale the source code of multiple malware strains, including Alina, CarberpDexterRovnix, and Tinba.

The man claimed he was a member of a group that is directed linked to the notorious nation-state actor APT28.

If you want to know more about Sitnikov, let me suggest reading this interview published by The Record in December.

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)

To nominate, please visit: 

https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Fronton botnet)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Iranian Man pleaded guilty to role in Robbinhood Ransomware attacks<gwmw style="display:none;"></gwmw>

Iranian man pleads guilty to role in Baltimore ransomware attack tied to Robbinhood, admitting to…

53 minutes ago

DragonForce operator chained SimpleHelp flaws to target an MSP and its customers

Sophos warns that a DragonForce ransomware operator chained three vulnerabilities in SimpleHelp to target a…

11 hours ago

Russia-linked APT Laundry Bear linked to 2024 Dutch Police attack

A new Russia-linked APT group, tracked as Laundry Bear, has been linked to a Dutch…

18 hours ago

Nova Scotia Power confirms it was hit by ransomware attack but hasn’t paid the ransom

Nova Scotia Power confirms it was hit by a ransomware attack but hasn't paid the…

1 day ago

Crooks stole over $200 million from crypto exchange Cetus Protocol

Cetus Protocol reported a $223 million crypto theft and is offering to drop legal action…

1 day ago

Marlboro-Chesterfield Pathology data breach impacted 235,911 individuals

SafePay ransomware hit Marlboro-Chesterfield Pathology, stealing personal data of 235,000 people in a major breach.…

2 days ago