360 Qihoo: Russian APT Gamaredon may launch a new series of DDoS attacks

Researchers from 360 Qihoo reported that command-and-control (C&C) servers belonging to the Russia-linked APT group Gamaredon were distributing builds of LOIC, an open-source DDoS tool, and warned that this may precede a new series of DDoS attacks. The samples were collected in early March 2022, a few days after Russia's invasion of Ukraine.

“We found that from March 4 to March 5, 2022, several C&C servers distributed the open source DDoS Trojan program LOIC compiled with .NET,” according to an analysis published by 360 Qihoo.

While tracking the group's activity, the researchers observed numerous operations, including phishing campaigns and malware delivery, and identified the C&C infrastructure the attackers used.

Below are the C&C domains observed distributing the LOIC builds (top-level domains masked as published):

  • decree.maizuko.**

  • caciques.gloritapa.**

  • delicate.maizuko.**

  • jealousy.jump.artisola.**

  • dense.gitrostan.**

  • decision.lotorgas.**

  • decency.maizuko.**

  • junior.jacket.artisola.**

  • defective88.maizuko.**

  • deception.lotorgas.**

  • destination.delight.coffiti.**

  • cachinate.gloritapa.**

  • January.josie.artisola.**

  • defective19.maizuko.**

The LOIC builds distributed by the group have the target IP addresses and ports hard-coded into the binary, so each sample attacks a fixed target rather than one chosen by the operator at run time.
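
The domain list above is the actionable part of the report for defenders, but it is published with the top-level domains masked, so an exact-string match against DNS logs would never fire. The following added example (not code from 360 Qihoo or from the article) shows one way to hunt for these indicators anyway: it matches the published hostname with any TLD, and also flags unseen subdomains of the same registrable label (the report itself lists numbered variants such as defective88 and defective19, so siblings are plausible). The log format and the sample DNS lines are constructed for the example; the ".example" TLD stands in for the masked one and is not the real TLD.

```python
"""Hunt for the Gamaredon LOIC-distribution C&C domains in DNS query logs.

Added example, not part of the original report. The indicators are published
with the TLD masked ("**"), so matching is done on the labels left of the TLD.
"""
import re

# IOC domains exactly as published (TLD masked with "**"), duplicates removed.
IOC_DOMAINS = [
    "decree.maizuko.**",
    "caciques.gloritapa.**",
    "delicate.maizuko.**",
    "jealousy.jump.artisola.**",
    "dense.gitrostan.**",
    "decision.lotorgas.**",
    "decency.maizuko.**",
    "junior.jacket.artisola.**",
    "defective88.maizuko.**",
    "deception.lotorgas.**",
    "destination.delight.coffiti.**",
    "cachinate.gloritapa.**",
    "January.josie.artisola.**",
    "defective19.maizuko.**",
]

# Stands in for the masked TLD: one DNS label, no dots.
TLD = r"[a-z0-9-]+"


def _compile(iocs):
    """Build two tiers of patterns from the masked indicators.

    exact: the full published hostname with any single TLD label.
    apex:  any subdomain of the registrable label (e.g. "maizuko") so that
           unseen siblings of the published hosts are still surfaced.
    """
    exact, apex = [], {}
    for ioc in iocs:
        labels = ioc.lower().split(".")  # DNS names are case-insensitive
        if labels[-1] != "**":
            raise ValueError(f"expected masked TLD in {ioc!r}")
        host_prefix = r"\.".join(re.escape(l) for l in labels[:-1])
        exact.append((ioc, re.compile(rf"^{host_prefix}\.{TLD}$")))
        label = labels[-2]  # label directly left of the TLD
        apex.setdefault(label, re.compile(rf"(?:^|\.){re.escape(label)}\.{TLD}$"))
    return exact, apex


EXACT, APEX = _compile(IOC_DOMAINS)


def classify(qname):
    """Return ("exact", ioc), ("apex", label) or None for a queried name."""
    q = qname.lower().rstrip(".")
    for ioc, rx in EXACT:
        if rx.match(q):
            return ("exact", ioc)
    for label, rx in APEX.items():
        if rx.search(q):
            return ("apex", label)
    return None


# Constructed log format for the example: "<timestamp> <client-ip> <qname>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")

# Constructed sample DNS query log; ".example" is a placeholder, not the real TLD.
SAMPLE_DNS_LOG = [
    "2022-03-04T10:15:01Z 10.0.0.12 decree.maizuko.example",
    "2022-03-04T10:15:07Z 10.0.0.12 www.microsoft.com",
    "2022-03-04T10:16:30Z 10.0.0.44 defective42.maizuko.example",
    "2022-03-05T08:01:12Z 10.0.0.9 junior.jacket.artisola.example",
    "2022-03-05T08:02:00Z 10.0.0.9 notmaizuko.example",
    "2022-03-05T08:03:00Z 10.0.0.9 maizuko.example.com",
]


def hunt(lines):
    """Return (timestamp, client, qname, tier, indicator) for every hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        verdict = classify(m["qname"])
        if verdict:
            hits.append((m["ts"], m["client"], m["qname"], verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_DNS_LOG):
        print(*hit)
```

The two negative samples show why the label position matters: `notmaizuko.example` is a different label and `maizuko.example.com` has the indicator label two positions left of the TLD, so neither matches. Because the TLD is wildcarded, an "apex" hit on a rare label is a hunting lead, not a confirmed detection; confirm the actual TLD from the original report or from the resolved IPs in your own telemetry before blocking.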

“The spread of the LOIC Trojan may be a preparation for a new wave of DDoS attacks,” the researchers said in the conclusion of the analysis.