The Russian botnet Fronton can do much more than just massive DDoS attacks


On Thursday, Nisos
published a new study describing the inner workings of an unusual botnet.

Fronton first became known in 2020, when a group of hacktivists Digital Revolution hacked an FSB contractor and published technical documents demonstrating the creation of a botnet on behalf of the FSB. Until recently, it was believed that the botnet was designed to carry out large-scale DDoS attacks. According to the analysis of additional Fronton documents, DDoS attacks are only part of the botnet’s capabilities.

According to Nisos, the Pediment is “a system for coordinated inauthentic behavior“and the special SANA software shows that the true purpose of a botnet can be the rapid and automatic dissemination of disinformation and propaganda.

SANA consists of many functions, including:

  • News: tracks posts, trends, and responses to them;
  • Groups: manages bots;
  • Behavioral patterns: creates bots that impersonate users of social networks;
  • Response models: responds to messages and content;
  • Dictionaries: stores phrases, words, quotes, reactions and comments for use in social networks;
  • Albums: stores sets of images for platform bot accounts.

SANA also allows the user to create social media accounts with generated email addresses and phone numbers, as well as distribute content on the Internet. In addition, the user can set a schedule for publications and adjust the number of likes, comments and reactions that the bot should create. The botnet operator can also specify how many “friends” the bot account should have.

“The configurator also allows the operator to specify the minimum frequency of actions and the interval between them. Apparently, a machine learning system is involved, which can be turned on or off depending on the behavior of the bot in the social network”, –
said the researchers.

Start a discussion …