Radware spots  Passion Group supporting pro-Russian hacktivist group in medical institutions strike

Radware’s threat intelligence team has issued a threat advisory about the Passion Botnet, a DDoS-as-a-Service being offered to pro-Russian hacktivists by the Passion Group. The group was used by Killnet during the attack that targeted medical institutions in the USA, Portugal, Spain, Germany, Poland, Finland, Norway, Netherlands, and the United Kingdom, in retaliation for sending tanks in support of Ukraine.

As Killnet threatens future attacks, Pascal Geenens, director of threat intelligence for Radware, calls for moderate caution. “The network between Killnet, Anonymous Russia and their affiliates is substantial enough to pose a moderate risk to public and private infrastructure,” said Geenens.

“While Killnet and its affiliates do not have a track record of inflicting operational impact, the group has had time to gather experience, build tools, gain support, and increase its circle of influence with other pro-Russian groups. Consequently, a threat from Killnet to explore more impacting campaigns should not be ignored or the cause of alarm but treated with caution.”

Reasons for concern include:

  • Several pro-Russian threat groups aligned with Killnet, including Anonymous Russia and the Passion Group, launched DDoS attacks supporting the operation.
  • The Passion Botnet offers its subscribers ten attack vectors, including application layer encrypted web attacks, L4 attacks, DNS attacks and UDP/TCP floods. By providing various attack methods, the Passion Group enables its subscribers to custom tailor their attack and increase the probability of a successful takedown.
  • Hacktivists and defacement attacks can pose a serious risk to targeted organizations. It is essential for organizations to take proactive measures and have complete visibility into their hybrid infrastructure to detect and assess the impact of breaches and defacements.