LameDuck’s Skynet Botnet Launches 35,000+ DDoS Attacks

The Sudanese brothers behind LameDuck orchestrated a massive DDoS campaign using the Skynet Botnet, which launched more than 35,000 attacks against organizations and governments across a wide range of industries worldwide.

The attacks were often timed to coincide with geopolitical events, which points to an anti-Western motive, yet the duo also profited by selling DDoS attacks as a service to numerous customers, illustrating how lucrative this form of cybercrime can be.

LameDuck, a threat group active since January 2023, primarily employs Distributed Denial of Service (DDoS) attacks to disrupt various targets, including critical infrastructure, cloud providers, and government agencies. 

This organization has a history of carrying out high-profile attacks, which are frequently amplified through social media in order to gain notoriety. 

LameDuck initially presented itself as a politically motivated actor, but its operations increasingly show a focus on financial gain, evidenced by DDoS-for-hire services and extortion attempts. This mix makes the group difficult to categorize definitively: both cybercrime and hacktivism likely play significant roles in its activities.

The large-scale DDoS attacks were orchestrated by the Sudanese brothers behind LameDuck, a hacktivist group with connections to Russian-aligned groups such as Killnet.

While any direct affiliation with the Russian state remains unclear, the group's shared ideology, language use, and alignment with Russian interests suggest possible Russian involvement. These links shed light on the group's leadership but raise questions about how far Russian influence extends into its operations.

LameDuck, a pro-Muslim Sudanese hacktivist group, targets a wide range of high-profile entities: organizations opposing its ideology, critical infrastructure chosen for maximum impact, and entities with known vulnerabilities or poor security practices.

Geopolitical factors, such as the conflict in Sudan and tensions with neighboring countries, also shape its choice of targets.

The group also targets organizations it perceives as Islamophobic or pro-Israeli. Its operations against Ukraine and the Baltic states raise further questions about Russian involvement, given the complex geopolitical landscape.

The group employed a Distributed Cloud Attack Tool (DCAT) to launch large-scale DDoS attacks. Its tactics included HTTP flooding, multi-vector attacks, and targeting of high-value infrastructure endpoints.

It often used rented servers and open proxies to obscure its origin, and it engaged in DDoS extortion, demanding payment from victims to stop the attacks. Despite its claims of ideological activism, its operations were financially motivated.

Cloudflare successfully defended against DDoS attacks launched by LameDuck, demonstrating the value of robust mitigation measures.

Organizations can protect themselves by employing dedicated DDoS mitigation services that shield both network-layer (Layer 3/4) and application-layer (Layer 7) traffic, including DNS. Web Application Firewalls (WAFs) can filter malicious HTTP traffic, rate limiting can cap request volumes per client, and Content Delivery Networks (CDNs) can absorb traffic and reduce origin server load.
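The per-client rate limiting mentioned above, shown as an added example that is not code from this article, from Cloudflare, or from LameDuck's tooling: a token bucket per source IP replayed over constructed access-log lines. The IP addresses, the log entries, and the thresholds (a burst of 20 requests, refilled at 5 per second) are all made up for illustration.

```python
"""Replay constructed HTTP access-log lines through a per-source token-bucket
rate limiter, the kind of control an edge/WAF tier applies against HTTP floods.
Added example; addresses, log lines and thresholds are constructed, not real."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Combined Log Format: client IP, ident, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line: str) -> Optional[Tuple[str, float, str]]:
    """Return (client_ip, unix_time, request_line) or None for an unparsable line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts.timestamp(), m.group("req")


@dataclass
class TokenBucket:
    """Classic token bucket: `capacity` is the burst allowance, refilled at `rate` tokens/s."""
    capacity: float
    rate: float
    tokens: float
    last: float

    def allow(self, now: float) -> bool:
        # Refill proportionally to elapsed time, never above capacity.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerSourceRateLimiter:
    """One bucket per client IP; buckets start full so a new client gets its full burst."""

    def __init__(self, capacity: int = 20, rate: float = 5.0) -> None:
        self.capacity, self.rate = capacity, rate
        self.buckets: Dict[str, TokenBucket] = {}

    def check(self, ip: str, now: float) -> bool:
        bucket = self.buckets.get(ip)
        if bucket is None:
            bucket = TokenBucket(self.capacity, self.rate, float(self.capacity), now)
            self.buckets[ip] = bucket
        return bucket.allow(now)


def apply_rate_limit(lines: List[str], capacity: int = 20, rate: float = 5.0):
    """Return ({ip: allowed_count}, {ip: dropped_count}) after replaying the log."""
    limiter = PerSourceRateLimiter(capacity, rate)
    allowed: Dict[str, int] = defaultdict(int)
    dropped: Dict[str, int] = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the pipeline
        ip, now, _ = parsed
        (allowed if limiter.check(ip, now) else dropped)[ip] += 1
    return dict(allowed), dict(dropped)


def build_sample_log() -> List[str]:
    """Constructed sample: one flooder fires 100 requests within a single second,
    while a legitimate client sends one request per second for ten seconds."""
    fmt = '{ip} - - [10/Oct/2024:13:55:{sec:02d} +0000] "GET /api/search?q={q} HTTP/1.1" 200 512'
    flood = [fmt.format(ip="203.0.113.7", sec=36, q=i) for i in range(100)]
    legit = [fmt.format(ip="198.51.100.5", sec=36 + i, q=i) for i in range(10)]
    return flood + legit


if __name__ == "__main__":
    ok, drop = apply_rate_limit(build_sample_log())
    for ip in sorted(set(ok) | set(drop)):
        print(f"{ip:15} allowed={ok.get(ip, 0):3d} dropped={drop.get(ip, 0):3d}")
```

With these constructed inputs the flooder gets its 20-request burst and then has 80 requests dropped, while the legitimate client's one request per second is never touched, which is the whole point of keying the limit per source. Two caveats a practitioner should keep in mind: a real limiter runs inline at the edge with a sub-second clock rather than replaying one-second log timestamps, and an attacker rotating through rented servers and open proxies, as the article describes, spreads requests across many source IPs so that no single bucket overflows. Per-IP limits are therefore a first layer only, to be combined with WAF rules and request-level filtering.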

Proactive measures, such as understanding security posture, identifying attack surfaces, and establishing incident response plans, are crucial for effective defense against advanced DDoS attacks.

Kaaviya (https://cyberpress.org/) is a Security Editor and fellow reporter with Cyber Press. She covers various cyber security incidents happening in cyberspace.
