
Hacktivist Groups Preparing for DDoS Attacks Targeting Paris Olympics


Cyble Research & Intelligence Labs (CRIL) researchers have identified a cyber threat targeting the upcoming Paris Olympics.

On June 23, 2024, a Russian hacktivist group known as the “People’s Cyber Army” (Народная Cyber Армия) and their allies, HackNeT, announced their intentions to launch Distributed Denial of Service (DDoS) attacks on multiple French websites.

This announcement has raised concerns about the cybersecurity of the Summer Olympics, which is set to take place in Paris.

Figure 1: Official Telegram channel of People’s Cyber Army

The Announcement and Initial Attacks

According to the Cyble Research & Intelligence Labs (CRIL) researchers, the People’s Cyber Army made its first post regarding its campaign to target the Paris Olympics on its Telegram channel on June 23, 2024, at 0840 hours UTC.


This post was followed by a claim of a successful DDoS attack on the website of Festival La Rochelle Cinéma (Fema) (festival-larochelle.org) at approximately 0830 hours UTC.

They supported their claim with a link to a domain downtime monitoring website, ‘check-host.net.’

HackNeT joined the campaign three hours later by forwarding the same post from the People’s Cyber Army’s Telegram channel.

Shortly after, HackNeT claimed to have successfully DDoSed the website of the Grand Palais (grandpalais.fr), a palace in Paris that serves as a cultural and exhibition center.

Second post from HackNeT Telegram Channel

Overview of Threat Actor’s Activities

The People’s Cyber Army is a notorious hacktivist group with a history of high-profile cyberattacks. One of their most significant attacks was on Ukraine’s nuclear agency. The group is linked to APT44, Sandworm, FROZENBARENTS, and Seashell Blizzard.

Their first mention dates back to March 2022, and since then, they have amassed a significant following on their Telegram channel, currently known as CyberArmyofRussia_Reborn, with 51,000 subscribers.

The People’s Cyber Army regularly collaborates with other pro-Russian hackers, including NoName057(16), HackNeT, CyberDragon, and UserSec Collective.

They are politically motivated and often publish justifications for their attacks on their Telegram channel.

DDoS Tools and Techniques

The People’s Cyber Army’s DDoS tool is coded in Python and features various techniques for carrying out Layer 4 and Layer 7 attacks.

The tool utilizes both multithreading and multiprocessing to send requests simultaneously, increasing the effectiveness of the attack. It also has proxy support to hide the attacker’s IP address, making it harder to track the attack.

The group encourages its Telegram subscribers to use these tools by posting brief tutorials on how to install and use them.

Telegram Post describing the use of DDoS tools
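
Because the tool spreads its requests across proxies, each source address may send only a few requests, so a per-IP threshold alone can miss a Layer 7 flood. The sketch below is an added example, not from CRIL or the original article: it compares a per-IP counter with an aggregate check that groups requests by path and user agent across many sources. The log lines, user-agent string, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in combined log format; not taken from any real incident.
def _line(ip, sec, path, ua):
    return f'{ip} - - [23/Jun/2024:08:30:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

SAMPLE_LOG = (
    # 40 requests within 10 s, each from a different (proxy) address, same path and UA
    [_line(f"198.51.100.{i}", i % 10, "/search?q=a", "ExampleClient/1.0") for i in range(1, 41)]
    # ordinary visitors
    + [_line("203.0.113.7", 3, "/", "Mozilla/5.0"), _line("203.0.113.7", 5, "/about", "Mozilla/5.0"),
       _line("203.0.113.9", 8, "/", "Mozilla/5.0")]
)

LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')

def parse(line):
    """Return (ip, timestamp, path without query string, user agent) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path, ua = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path.split("?")[0], ua

def per_ip_offenders(lines, window=10, limit=20):
    """Classic control: flag any single IP above `limit` requests per window."""
    counts = defaultdict(int)
    for rec in filter(None, map(parse, lines)):
        counts[(rec[0], int(rec[1].timestamp()) // window)] += 1
    return sorted({ip for (ip, _), n in counts.items() if n > limit})

def distributed_floods(lines, window=10, min_requests=30, min_sources=15):
    """Flag (path, user agent) pairs that are hot in aggregate and spread over many sources."""
    hits, sources = defaultdict(int), defaultdict(set)
    for ip, ts, path, ua in filter(None, map(parse, lines)):
        key = (path, ua, int(ts.timestamp()) // window)
        hits[key] += 1
        sources[key].add(ip)
    return sorted({(p, ua) for (p, ua, b), n in hits.items()
                   if n >= min_requests and len(sources[(p, ua, b)]) >= min_sources})
```

On the constructed sample the per-IP check flags nothing, while the aggregate check flags the `/search` path, which is the signal to feed into rate limiting or challenge rules at the edge.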

HackNeT: An Emerging Threat

HackNeT is a pro-Russian group that began operations in February 2023. It should not be confused with the Xaknet group, which has been inactive since November 2023.

HackNeT conducts politically motivated attacks and often collaborates with other pro-Russian hacktivist groups, including NoName057(16), People’s Cyber Army, CyberDragon, 22C, and UserSec Collective.

The People’s Cyber Army’s connection with APT44 underscores the seriousness of the threat. Given the group’s consistency in statements and history of attacks, it is crucial to investigate this incident thoroughly.

The announcement of these “training DDoS attacks” suggests that the group is preparing for larger-scale attacks during the Summer Olympics in Paris.

The cyber threat posed by the People’s Cyber Army and HackNeT is a significant concern for the upcoming Paris Olympics.

The international community and cybersecurity experts must remain vigilant and take proactive measures to safeguard the event’s digital infrastructure.

As the Olympics draw closer, the potential for more sophisticated and large-scale cyberattacks looms, necessitating a coordinated and robust defense strategy.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
