Posted on May 29, 2023 at 8:19 AM
A new botnet known as Dark Frost has been found to be behind a distributed denial-of-service (DDoS) attack within the gaming industry. The botnet's activity has expanded, resulting in the compromise of hundreds of devices that are now vulnerable to hacking attacks.
Dark Frost botnet launches a massive DDoS campaign
One of the security researchers at Akamai, Allen West, said that the Dark Frost botnet was modeled after other malware strains. “The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices,” West said.
West published a new technical analysis on the matter in a report shared with The Hacker News. The targets in the case include gaming companies, game server hosting providers, online streamers, and even community members of gaming companies. The threat actor launched the botnet after interacting with these community members.
“The fascinating story of the Dark Frost Botnet introduces us to a perplexing threat actor whose success rate and originality level do not align. The cobbled-together botnet was created using stolen code from several popular malware families (Mirai, Gafgyt, and Qbot), giving this attacker the ability to carry out fairly successful attacks against the gaming industry,” the analysis said.
As of February 2023, the Frost botnet comprised 414 machines that operated several instruction set architectures, including ARMv4, x86, MIPSEL, MIPS, and ARM7. The botnets used by these threat actors usually comprise a massive network of compromised devices globally.
The operators in question tend to use the enslaved hosts to mine crypto assets, access sensitive information, and tap into the bots’ collective internet bandwidth. The botnet is used to take other websites offline. It also targets internet servers by flooding the target websites with junk traffic, making it difficult for the affected organizations to sustain their online presence on these sites.
The Dark Frost botnet is the largest replica of a botnet that seems to have been stitched together by getting access to the source code. The source code comes from several botnet malware strains, including Gafgyt, Mirai, and Qbot. These malware strains are used to conduct DDoS campaigns, and going by their previous track record, the campaigns have a massive effect on the targeted organization.
A notorious hacking group
The Akamai cybersecurity research company reverse engineered the botnet after it was flagged on February 28, 2023. The company has said that the botnet's attack potential is around 629.28 Gbps using a UDP flood attack. The threat actor group behind this attack is also believed to have been active since around May last year.
Akamai’s statement about this botnet said that the group released live recordings of the attacks for everyone to see. The actions of the hacker group demonstrate a boastful nature, whereby they are making their work known to demonstrate their abilities.
The Akamai research further said that the hacker group demonstrates its hacking abilities through social media platforms. The attacks conducted by the group are published through live recordings for everyone to see this activity.
The web infrastructure company has further said that the hacker appeared to be boasting about their achievements on social media platforms. They use the Frost botnet to conduct petty online disputes, and they even left their digital signatures behind on the binary file, indicating that they intended for their campaigns to be detected.
The adversary has also set up a Discord channel to support these hacking attacks while receiving money in exchange. The move demonstrates that the hackers are financially motivated. It also shows that they are launching DDoS-for-hire services that can be used by other cybercriminals in exchange for money.
The Dark Frost botnet also demonstrates a modern example of how easy it has become for sophisticated cybercriminals using advanced coding skills to launch their attacks using malware that is already available in the market. These hackers are able to cause significant damage to the targeted institutions.
West has also said that these threat actors have a massive reach and they could trigger massive attacks. However, despite having this reach, these threat actors do not possess novelty in their hacking activities. The Dark Frost botnet has managed to attract hundreds of compromised devices and exploited these devices to do the bidding of the company.