Former Killnet special forces unit increases attack power as war enters second year

Radware has released a new advisory about a pro-Russian hacktivist group called Zarya.

The group, which operated initially as a special forces unit under Killnet, is building Mirai variants to increase the attack power of the DDoS botnet it uses to perform attacks on the West. Zarya’s propaganda website, known as ‘Zarya – CyberFront,’ as well as its attack campaign log, and malware are hosted by Akur Group, a hosting provider for pro-Russian hacktivist groups.

With the Russian/Ukrainian conflict going into its second year on February 24, 2023, this recent activity is significant because it demonstrates how pro-Russian hacktivists have evolved their tools, techniques, and procedures during the past year.

Malicious activities have increased and sophisticated tools and techniques have spread across the internet, sometimes supporting criminal activities, such as the sale and purchase of stolen data or the hosting of malware for cyberattacks.

Daniel Smith, Head of Research for Radware’s Threat Intelligence Division, provides some additional insights: “Pro-Russian hacktivists have moved beyond basic denial-of-service scripts and crowdsourced attacks to more advanced and potent techniques.

“The significant impact of Zarya’s recent activities offers just one case in point. The group’s CyberFront website currently features links to 48 different hacking campaigns carried out by the group, along with the corresponding leaked data — allegedly 655 Gigabytes worth of data.”

For more details on Zarya’s campaigns, attached is today’s full advisory. For more information or wish to speak to Radware’s threat researchers, let me know.