New DDoS Platform Agitates Healthcare Networks
Category: Network Security | Industry: Healthcare | Level: Strategic | Source: Radware
Distributed denial-of-service (DDoS) is one of the leading cyber weapons of choice used by Russian hacktivists and threat actors. An expansion of these attacks has increased due to new DDoS-as-a-Service (DDoSaaS) such as 'DDOSIA’ a pro-Russian crowdsourcing project and now, a new botnet created by the Passion group. Radware researchers discovered the Passion botnet was active on January 27th, targeting medical institutions against the United States and NATO allies in Ukraine. The Passion group is assessed to be aligned with Russian threat actors Killnet and Anonymous Russia. Passion operators are highly active on Telegram with over 200 members and their presence on the platform can be traced all the way back to March 2022.
The Passion DDoS platform is offered as a subscription-based model with options for the user to customize "attack vectors, duration, and intensity." A total of 10 application layer web attacks methods are supported on the platform for HTTP Raw, Crypto, UAM Browser, HTTPS Mix, Browser, Bypass, DNS l4, Mixamp l4, OVH-TCP l4, and TCP-Kill l4. Flexibility is provided in the platform to customize the attack to increase the likelihood of a successful web takedown and challenge the response mechanisms of the targeted organization. A common calling card is left following a Passion group's DDoS attack as a link to a web monitoring site, check-host[.]net.