Friday, November 1, 2024
Homecyber securityHacktivist Groups Preparing for DDoS Attacks Targeting Paris Olympics

Hacktivist Groups Preparing for DDoS Attacks Targeting Paris Olympics

Published on

Malware protection

Cyble Research & Intelligence Labs (CRIL) researchers have identified a cyber threat targeting the upcoming Paris Olympics.

On June 23, 2024, a Russian hacktivist group known as the “People’s Cyber Army” (Народная Cyber Армия) and their allies, HackNeT, announced their intentions to launch Distributed Denial of Service (DDoS) attacks on multiple French websites.

This announcement has raised concerns about the cybersecurity of the Summer Olympics, which is set to take place in Paris.

- Advertisement - SIEM as a Service
Figure 1: Official Telegram channel of People’s Cyber Army
Figure 1: Official Telegram channel of People’s Cyber Army

The Announcement and Initial Attacks

According to the Cyble Research & Intelligence Labs (CRIL) researchers, the People’s Cyber Army made its first post regarding its campaign to target the Paris Olympics on its Telegram channel on June 23, 2024, at 0840 hours UTC.

Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files

This post was followed by a claim of a successful DDoS attack on the website of Festival La Rochelle Cinéma (Fema) (festival-larochelle.org) at approximately 0830 hours UTC.

They supported their claim with a link to a domain downtime monitoring website, ‘check-host.net.’

HackNeT joined the campaign three hours later by forwarding the same post from the People’s Cyber Army’s Telegram channel.

Shortly after, HackNeT claimed to have successfully DDoSed the website of the French palace cum cultural and exhibition center, Grand Palais (Paris) (grandpalais.fr).

Second post from HackNeT Telegram Channel
Second post from HackNeT Telegram Channel

Overview of Threat Actor’s Activities

The People’s Cyber Army is a notorious hacktivist group with a history of high-profile cyberattacks. One of their most significant attacks was on Ukraine’s nuclear agency. The group is linked to APT44, Sandworm, FROZENBARENTS, and Seashell Blizzard.

Their first mention dates back to March 2022, and since then, they have amassed a significant following on their Telegram channel, currently known as CyberArmyofRussia_Reborn, with 51,000 subscribers.

The People’s Cyber Army regularly collaborates with other pro-Russian hackers, including NoName057(16), HackNeT, CyberDragon, and UserSec Collective.

They are politically motivated and often publish justifications for their attacks on their Telegram channel.

DDoS Tools and Techniques

The People’s Cyber Army’s DDoS tool is coded in Python and features various techniques for carrying out Layer 4 and Layer 7 attacks.

The tool utilizes both multithreading and multiprocessing to send requests simultaneously, increasing the effectiveness of the attack. It also has proxy support to hide the attacker’s IP address, making it harder to track the attack.

The group encourages its Telegram subscribers to use these tools by posting brief tutorials on how to install and use them.

Telegram Post describing the use of DDoS tools

HackNeT: An Emerging Threat

HackNeT is a pro-Russian group that began operations in February 2023. It should not be confused with the Xaknet group, which has been inactive since November 2023.

HackNeT conducts politically motivated attacks and often collaborates with other pro-Russian hacktivist groups, including NoName057(16), People’s Cyber Army, CyberDragon, 22C, and UserSec Collective.

The People’s Cyber Army’s connection with APT44 underscores the seriousness of the threat. Given the group’s consistency in statements and history of attacks, it is crucial to investigate this incident thoroughly.

The announcement of these “training DDoS attacks” suggests that the group is preparing for larger-scale attacks during the Summer Olympics in Paris.

The cyber threat posed by the People’s Cyber Army and HackNeT is a significant concern for the upcoming Paris Olympics.

The international community and cybersecurity experts must remain vigilant and take proactive measures to safeguard the event’s digital infrastructure.

As the Olympics draw closer, the potential for more sophisticated and large-scale cyberattacks looms, necessitating a coordinated and robust defense strategy.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...