Sharing a recently published blog post of a colleague of mine. It covers activity on a recently emerged threat actor group with the name #DieNet
#NETSCOUT
#LLRX #CyberSecurity @bespacific
Pete Recommends – Weekly highlights on cyber security issues, April 12, 2025
Five highlights from this week: #Biometrics vs. passcodes: What lawyers recommend if you're worried about warrantless phone searches; #DDoS Attacks Now Key Weapons in Geopolitical Conflicts, #NETSCOUT Warns; Google Maps doubles down on preventing fake reviews; Large number of US adults view AI as a threat: Report; and Explosive Growth of Non-Human Identities (#NHI) Creating Massive Security Blind Spots.
News on the #DDoS front: The latest #threatreport of #NETSCOUT was just published. As usual, a great read for those in the industry!
My colleague and I recently worked on a blog post here at #NETSCOUT in which we explore a coordinated cyber response against organizations in #Italy. Political alignment once again lead to severe action happening in the cyber space.
Despite the increased activity of threat actors, and the increased perception of public claims, in the broader picture of #DDoS, Italy did not experience a substantial change DDoS trends.
More in the latest blog post Italy in the Crosshairs
Infrastructure Laundering: Blending in with the Cloud
https://krebsonsecurity.com/2025/01/infrastructure-laundering-blending-in-with-the-cloud/
#infrastructurelaundering #U.S.DepartmentofCommerce #Ne'er-Do-WellNews #Crowell&MoringLLP #ALittleSunshine #MicrosoftAzure #NoName057(16) #RichardHummel #SuncityGroup #TimetoPatch #WebFraud2.0 #FangnengCDN #ZachEdwards #SilentPush #AmazonAWS #ACBGroup #AnjieCDN #NETSCOUT #polyfill #Funnull
While some report increased latency or no visible effect, we at #ASERT observed a noticeable decline of around 20% of egress traffic from Finland after the cut of the C-Lion1 submarine cable in the early morning hours of November 18. The traffic has yet to normalize for the past 72 hours.
My colleague Marcin explored what #NETSCOUT #ASERT observes about the coordinated #DDoS effort against organizations in #Japan. #NoName057 and the #RussianCyberArmy team coordinated a DDoS campaign as a response to news on the military stage.
While most reports talk about the #databreach, the fact that a #DDoS attack happened, and the political motivations behind the threat actor attacking archive[.]org we at #NETSCOUT #ASERT used our insights, to explore what the DDoS attack looked like and what kind of botnet was involved. Today, we published a blog post about it: Internet Archive under assault
Happy to announce the new iteration of #NETSCOUT #ASERT #DDoS Threat Intelligence Report - Issue 13. The three key findings focus on #threats, #targets and #defense. My personal favorite insight: We observed an average peak concurrent DDoS traffic of staggering 3.2 Tbps in 1H2024. The DDoS target section also covers the attacks tracked by us against different industries and really shows how noone is safe in today's geopolitical climate.
While news were talking about the people's response to the #election results in #Venezuela, we at #ASERT checked for anomalies in the #cyberspace. Apart from increased #internet traffic volume, we discovered some #DDoS attacks, likely as a response to the political turmoil. More on our latest blog post:
https://www.netscout.com/blog/asert/venezuelas-election-seen-cyberspace
Today @netscout , we observed the effects of what seems to have been the second in the most recent series of deliberate shutdowns of Internet traffic by the Iraqi government; these interruptions are apparently intended to curtail the ability of students to cheat on nationwide educational exams. It is notable that we observe significant spikes in traffic when connectivity is restored, presumably due to pent-up demand by Iraqi Internet users. This is a common phenomenon in cases of both deliberate and inadvertent interruptions in Internet connectivity, and can result in prolonged service disruption even after connectivity has been restored.
Dark Web Informer - Cyber Threat Intelligence :verified_paw: :verified_dragon:DarkWebInformer@infosec.exchange
2024-04-25⚠️#OSINT⚠️This is NetScout. NetScout is an OSINT tool that finds domains, subdomains, directories, endpoints and files for a given seed URL.
#CTI #Darknet #DarkWebInformer #Cybercrime #Cybersecurity #Cyberattack #OSINT #Infosec #NetScout
https://github.com/caio-ishikawa/netscout
X Link: https://twitter.com/DarkWebInformer/status/1783544274841116876
The next iteration of NETSCOUT's Threat Report just went live. The report primarily focusses on 2H 2023 and illuminates the #DDoS threat landscape on various facettes. My primary contribution was the section on #DNS and collateral damage as part of the DDoS targeting chapter. Yet, every section of this work bears its own fascinating and intriguing insights.
Read up on a blog post about traffic from networks described as "nuisance networks". It explains what those are and how #Netscout monitors them.
https://www.netscout.com/blog/asert/nuisance-network-traffic
Another great blog post about the notorious #NoName057 threat actor and their #DDoS tool #DDOSIA
Read more here: https://www.netscout.com/blog/asert/noname057-16
@GossiTheDog - Hope you don't mind me leveraging your excellent work in this threat to share some work of my coworkers.
My colleagues at #NETSCOUT had a blog post in the pipeline that was just published today on the modus operandi of #NoName057 and their #DDoS attack patterns.
The blog post can be read here:
https://www.netscout.com/blog/asert/noname057-16
#NETSCOUT blog: NoName057(16)
"Nuisance CDNs (e.g. bulletproof hosters) are included in this list, but the top two source networks in terms of DDoSia bots are the well-known hosting and CDN providers."
#NETSCOUT Anonymous Sudan analysis https://www.netscout.com/blog/asert/anonymous-sudan
A new #NETSCOUT blog post went live on the notorious #threat actor group Anonymous Sudan:
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst