Concise Cyber

Subscribe below for free to get these delivered straight to your inbox

Advertisements
Pro-Russian Hackers Tricked into DDoS Attack on Decoy Target
Advertisements

The pro-Russian hacktivist group known as NoName057(16) was successfully deceived into directing a Distributed Denial of Service (DDoS) attack against a decoy server set up by cybersecurity firm Radware. The group believed it was targeting a Finnish parliamentary website, but the attack was diverted without their knowledge.

The incident was orchestrated by Radware after its researchers discovered a vulnerability in the hacktivist group’s own attack infrastructure. This allowed the cybersecurity firm to intercept the attack command and redirect the malicious traffic.

Exploiting the Attackers’ Own Toolkit

Radware’s team identified a flaw within ‘DDoSia,’ the DDoS-as-a-service toolkit utilized by NoName057(16) to coordinate its network of volunteers and launch attacks. By exploiting this vulnerability, Radware was able to replace the legitimate target URL—the Finnish parliamentary website—with the address of its own specially prepared decoy server, also known as a honeypot.

As a result, when the pro-Russian group initiated its attack, the entire volume of traffic from its network was sent directly to Radware’s controlled environment instead of the intended Finnish target. The actual parliamentary website remained online and completely unaffected by the event.

A False Victory and Valuable Intelligence

Following the diverted attack, the NoName057(16) group posted messages on its Telegram channel, claiming a successful takedown of the Finnish website. The hackers were unaware that their efforts had been misdirected and had caused no disruption to the intended victim.

By absorbing the full force of the DDoS attack, Radware was able to gather significant intelligence on the group’s tactics, infrastructure, and operational methods. The event was part of a wider campaign by NoName057(16) targeting nations that have provided support to Ukraine. The group had previously cited Finland’s membership in NATO as a motivation for its activities.

Source: https://www.techradar.com/pro/security/pro-russian-hackers-tricked-into-attacking-decoy-target