Wednesday, March 1, 2017

The Reemergence of a Threat Actor: Six More Weeks of DDoS

Wapack Labs research is observing the reemergence of a known threat actor. After a year-long hiatus, he is displaying habitual activity online. The threat actor is one of the leaders of an established Russian based hacking group who sells their DDoS-as-a-service. In the past, he advertised DDoS services in a number of English, Spanish, and Russian forums. Increased DDoS activity from this group is likely in the near future.

When dealing with high-end threat actors, it is usually safe to take them at their word. This allows us to assess, with medium to high confidence, that this group will resume offering DDoS services, and that this activity will likely result in an increase in DDoS attacks against a wide range of organizations worldwide. We have seen no indications that any Red Sky Alliance members are being targeted at this time, but any organization that has not already done so should verify their ability to mitigate the effects of a DDoS attack either with their own capabilities or those of a third party...READ MORE

Wapack Labs has cataloged and extensively reported on DDoS attackers in the past. An archive of related reporting can be found in the Red Sky Alliance portal.

TLP: AMBER
ACTOR TYPE: (III)
SERIAL: IA-006-2017
COUNTRIES: RU
INDUSTRIES: All
REPORT DATE: 20170301