Passion: A Russian Botnet


January 31, 2023 11:10 AM

The Passion Botnet was leveraged during the attacks on January 27th, targeting medical institutions in the USA, Portugal, Spain, Germany, Poland, Finland, Norway, Netherlands, and the United Kingdom as retaliation for sending tanks in support of Ukraine.

Read the Complete Alert
 

Passion group, affiliated with Killnet and Anonymous Russia, recently began offering DDoS-as-a-Service to pro- Russian hacktivists. The Passion Botnet was leveraged during the attacks on January 27th, targeting medical institutions in the USA, Portugal, Spain, Germany, Poland, Finland, Norway, Netherlands, and the United Kingdom as retaliation for sending tanks in support of Ukraine.

Passion Botnet

The origins of the Passion group remain unknown, but they have made their presence known recently, especially since the start of the new year. The group has been associated with defacement and denial-of-service attacks targeting individuals and organizations who do not support the Russian invasion of Ukraine.

Passion has a strong online presence through its Telegram channels, some dating back to March 2022. Other hacktivist groups, such as Anonymous Russia, MIRAI, Venom, and Killnet, have promoted Passion.

The Passion group's tactics, techniques, and procedures (TTPs) resemble those of the other hacktivist groups involved in the Russo-Ukrainian conflict. After conducting a denial-of-service attack, the group typically posts a link to a check-host[.]net page as evidence of their success.

Defacement Campaigns

The group responsible for the Passion Botnet carried out several defacement attacks over the past month to spread their message and raise awareness. The defacements primarily targeted small organizations in Japan and South Africa. The group's objective appears to be to use these attacks to draw attention to their botnet.

Figure 1: Passion Defacement left on the victim's website after a successful attack Figure 1: Passion Defacement left on the victim's website after a successful attack

Hacktivists and defacement attacks can pose a serious risk to targeted organizations. They can significantly harm an organization's reputation, causing a loss of trust and credibility with customers and stakeholders. The attacks can escalate to theft or compromise of sensitive information by moving laterally across the infrastructure from the breached web server. The attacks lead to downtime and can disrupt critical business processes, resulting in higher operational costs and impacting the overall efficiency of an organization. Additionally, breaches can lead to financial losses and legal liabilities. The aftermath of these attacks can be challenging. It may take considerable time and resources to discover the full impact and all affected systems after a breach incident. It is essential for organizations to take proactive measures and have complete visibility in their hybrid infrastructure to detect and assess the impact of breaches and defacements.

DDoS-as-a-Service

The group behind the Passion Botnet is currently offering access to the service, for a fee, to pro-Russian hacktivists via several Telegram channels. Over the years, DDoS-as-a-Service became a standard tool for hacktivists because it allows those without the ability to build and manage a botnet to launch significantly larger and more impacting attacks. DDoS services are generally sold as a subscription-based model, allowing customers to choose their attack vectors, duration, and intensity.

Continue Reading...

Click here to read the full ERT Threat Alert.

Read the full threat alert now

 

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
CyberPedia
Events