Distributed denial-of-service attacks were on the rise in 2018 and continuing into 2019, ranging from a high volume of Mirai attacks to more sophisticated botnets targeting enterprises. According to Europol’s Internet Organized Crime Threat Assessment 2019 report, DDoS attacks are among the biggest threats reported in the business world. The favorite DDoS targets of adversaries in 2019, according to Dark Reading, were banks and other financial institutions, along with public sector organizations such as police departments and local governments.
Chinese threat actors, in particular, have become a predominant fixture in the DDoS ecosystem, evidenced by recent high profile attacks against GreatFire (2015), GitHub (2015, 2018), and Telegram (2015, 2019).
Download the Chinese DDoS Threat Landscape report, written by Intezer researcher Nacho Sanmillan, which provides an overview of Chinese state-sponsored DDoS operations and profiles some of the most well-known Chinese DDoS groups known to the infosec community, including ChinaZ and Nitol.
The report includes:
1. An overview of Chinese state-sponsored DDoS operations
2. Profiling notorious Chinese DDoS threat actors ChinaZ and Nitol, including their motivations, malware characteristics, and how long they have been in operation
3. Code reuse connections and other artifact similarities between Chinese threat groups: ChinaZ, Nitol, MrBlack, Iron Tiger APT, and others
4. Chinese Gh0stRAT variant case study
5. Summary of the research findings and suggestions for future points of investigation
• DDoS botnets are prevalent in China’s cybercrime ecosystem
• DDoS attacks are not exclusive to nation-states for politically motivated goals
• TTPs and artifact overlaps exist between many Chinese cybercrime groups
• Chinese threat actors value collaboration, evidenced by the large portions of code reuse present among malware belonging to threat groups with Chinese origins
To learn more, download the Chinese DDoS Threat Landscape report.
Overview of the findings
*This research was presented during Virus Bulletin Conference 2019, an international threat intelligence event covering topics such as APTs, botnets, research tools, software testing, cybercrime, and ethics.