Cyble Research & Intelligence Labs (CRIL) researchers have identified a cyber threat targeting the upcoming Paris Olympics.
On June 23, 2024, a Russian hacktivist group known as the “People’s Cyber Army” (Народная Cyber Армия) and their allies, HackNeT, announced their intentions to launch Distributed Denial of Service (DDoS) attacks on multiple French websites.
This announcement has raised concerns about the cybersecurity of the Summer Olympics, which is set to take place in Paris.
The Announcement and Initial Attacks
According to the Cyble Research & Intelligence Labs (CRIL) researchers, the People’s Cyber Army made its first post regarding its campaign to target the Paris Olympics on its Telegram channel on June 23, 2024, at 0840 hours UTC.
Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files
This post was followed by a claim of a successful DDoS attack on the website of Festival La Rochelle Cinéma (Fema) (festival-larochelle.org) at approximately 0830 hours UTC.
They supported their claim with a link to a domain downtime monitoring website, ‘check-host.net.’
HackNeT joined the campaign three hours later by forwarding the same post from the People’s Cyber Army’s Telegram channel.
Shortly after, HackNeT claimed to have successfully DDoSed the website of the French palace cum cultural and exhibition center, Grand Palais (Paris) (grandpalais.fr).
Overview of Threat Actor’s Activities
The People’s Cyber Army is a notorious hacktivist group with a history of high-profile cyberattacks. One of their most significant attacks was on Ukraine’s nuclear agency. The group is linked to APT44, Sandworm, FROZENBARENTS, and Seashell Blizzard.
Their first mention dates back to March 2022, and since then, they have amassed a significant following on their Telegram channel, currently known as CyberArmyofRussia_Reborn, with 51,000 subscribers.
The People’s Cyber Army regularly collaborates with other pro-Russian hackers, including NoName057(16), HackNeT, CyberDragon, and UserSec Collective.
They are politically motivated and often publish justifications for their attacks on their Telegram channel.
DDoS Tools and Techniques
The People’s Cyber Army’s DDoS tool is coded in Python and features various techniques for carrying out Layer 4 and Layer 7 attacks.
The tool utilizes both multithreading and multiprocessing to send requests simultaneously, increasing the effectiveness of the attack. It also has proxy support to hide the attacker’s IP address, making it harder to track the attack.
The group encourages its Telegram subscribers to use these tools by posting brief tutorials on how to install and use them.
Telegram Post describing the use of DDoS tools
HackNeT: An Emerging Threat
HackNeT is a pro-Russian group that began operations in February 2023. It should not be confused with the Xaknet group, which has been inactive since November 2023.
HackNeT conducts politically motivated attacks and often collaborates with other pro-Russian hacktivist groups, including NoName057(16), People’s Cyber Army, CyberDragon, 22C, and UserSec Collective.
The People’s Cyber Army’s connection with APT44 underscores the seriousness of the threat. Given the group’s consistency in statements and history of attacks, it is crucial to investigate this incident thoroughly.
The announcement of these “training DDoS attacks” suggests that the group is preparing for larger-scale attacks during the Summer Olympics in Paris.
The cyber threat posed by the People’s Cyber Army and HackNeT is a significant concern for the upcoming Paris Olympics.
The international community and cybersecurity experts must remain vigilant and take proactive measures to safeguard the event’s digital infrastructure.
As the Olympics draw closer, the potential for more sophisticated and large-scale cyberattacks looms, necessitating a coordinated and robust defense strategy.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo