Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

360 Qihoo reported DDoS attacks launched by APT-C-53 (aka Gamaredon) conducted through the open-source DDoS Trojan program LOIC.

Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported that the threat actors also released as open-source the code of a DDoS Trojan called LOIC. The instances of the malware spotted by the experts were compiled in early March, a few days after the Russian invasion of Ukraine began.

“We found that multiple C2 servers distributed an open-source DDoS Trojan program LOIC compiled by .net from March 4th to 5th, 2022.” reads the analysis published by 360 Qihoo.

While monitoring the activity of the APT group, experts observed threat actors conducting multiple attacks, including phishing campaigns and malware attacks. The experts were able to locate the C2 infrastructure used by the nation-state actors.

Below is the list of domains involved in the DDoS attacks:

decree.maizuko.**

caciques.gloritapa.**

delicate.maizuko.**

jealousy.jump.artisola.**

dense.gitrostan.**

decision.lotorgas.**

decency.maizuko.**

junior.jacket.artisola.**

defective88.maizuko.**

deception.lotorgas.**

destination.delight.coffiti.**

cachinate.gloritapa.**

January.josie.artisola.**

defective19.maizuko.**

deception.lotorgas.**

destination.delight.coffiti.**

The malicious code distributed by the APT group includes hardcoded IP addresses and ports for the targets.

“The distribution of the LOIC Trojan may be the prelude to a new round of DDoS attacks.” concludes the researchers that also shared Indicators of compromise for the attacks.

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)

To nominate, please visit: 

https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Gamaredon

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.