A new version of the DDoSia attack tool has been released by the threat actors, featuring an updated mechanism for obtaining the list of targets. This enhancement enables the tool to bombard the targets with spam HTTP requests, aiming to disrupt their services.
New Version of DDoSia Attack Tool
DDoSia, believed to be developed by the pro-Russian hacker group NoName(057)16, first surfaced in 2022 as the successor to the Bobik botnet. This attack tool focuses on targeting entities primarily situated in Europe, along with Australia, Canada, and Japan.
Between May 8 and June 26, 2023, the countries most significantly affected by DDoSia were Lithuania, Ukraine, Poland, Italy, Czechia, Denmark, Latvia, France, the U.K., and Switzerland, resulting in a total of 486 websites being impacted.
DDoSia is a cross-platform program, capable of running on Windows, Linux, and macOS systems, with implementations in Python and Go. The tool operates by repeatedly issuing network requests, following instructions from a configuration file received from a command-and-control (C2) server.
The most recent iteration of DDoSia incorporates encryption to obfuscate the target list, signaling continuous maintenance and development by the operators. Sekoia emphasized that NoName(057)16 is actively striving to enhance compatibility across various operating systems, implying a wider range of potential targets.
The introduction of the latest version of the DDoSia tool aligns with a cautionary statement issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) regarding deliberate denial-of-service (DoS) and DDoS attacks aimed at numerous organizations spanning different sectors.
These types of attacks have the potential to cause substantial disruptions, resulting in financial implications and reputational harm.
IOCS detected by Sekoia: