Project DDOSIA Pays Contributors for DDoS Hacktivist Attacks
The Russian Hacking Group Pays for More Firepower.
DDOSIA is a crowdsourced project launched by a pro-Russian hacking group that aims to gather more firepower by paying volunteers to launch distributed denial-of-service (DDOS) attacks against western targets.
Being easy to organize and carry out, DDoS attacks have been the preferred weapon of hacktivists in the Russian-Ukrainian war.
Traditionally, in hacktivist DDoS attacks the volunteers are in for the cause, so adding an economic motivation is a novel strategy that will attract cybercriminals that don’t necessarily embrace the cause.
DDoS attacks, although without security repercussions, can inflict serious disruptions in the service, and, depending on the victim, can impact a great number of people beyond the financial aspect.
Details About Project DDOSIA
DDOSIA was launched on Telegram in mid-August 2022. The author is a group named “NoName057(16)”, that launched DDoS attacks over Ukrainian organizations with a 40% success rate, as documented by Avast researchers between June and September 2022.
“Avast highlighted the presence of a DDoS module downloaded by ‘Bobik’ – a remote access trojan (RAT) discovered in 2020 that was being dropped by RedLine information stealer”, according to Bleeping Computer.
DDOSIA’s Telegram channel now has over 13.000 volunteers, and the project aligns with the goals of KillNet, another pro-Russian gang. DDOSIA also played a role in the recent wave of DDoS attacks on major airports in the United States.
How Paid Attacks Work
Cybercriminals that are compelled by the money have to register through Telegram to receive a ZIP archive containing the malware (“dosia.exe”) and a unique ID.
The ID can be liked to a cryptocurrency wallet where they will receive the payments for DDoS attacks accordingly to the firepower they provide.
The top contributors in each attack wave receive 80,000 rubles ($1,250), second-place attackers receive 50,000 rubles ($800), and third-place contributors are compensated with 20,000 rubles ($300).
In the attacks against the U.S. airports, DDOSIA announced that they would distribute payouts to the top ten contributors, increasing the rewards for the contributors.
DDOSIA currently has around 400 members and operates as a semi-closed invite-only community, attacking a list of 60 Ukrainian military and educational institutions.