Exploring the Chinese DDoS Threat Landscape - Intezer

Exploring the Chinese DDoS Threat Landscape [Research Report]

Written by Intezer



    Distributed denial-of-service attacks rose in 2018 and continued to grow into 2019, ranging from a high volume of Mirai attacks to more sophisticated botnets targeting enterprises. According to Europol’s Internet Organized Crime Threat Assessment 2019 report, DDoS attacks are among the biggest threats reported by businesses. The favorite DDoS targets of adversaries in 2019, according to Dark Reading, were banks and other financial institutions, along with public sector organizations such as police departments and local governments.

    Chinese threat actors, in particular, have become a predominant fixture in the DDoS ecosystem, evidenced by recent high profile attacks against GreatFire (2015), GitHub (2015, 2018), and Telegram (2015, 2019).

    Download the Chinese DDoS Threat Landscape report, written by Intezer researcher Nacho Sanmillan, which provides an overview of Chinese state-sponsored DDoS operations and profiles some of the most well-known Chinese DDoS groups known to the infosec community, including ChinaZ and Nitol.

    The report includes:

    1. An overview of Chinese state-sponsored DDoS operations
    2. Profiling notorious Chinese DDoS threat actors ChinaZ and Nitol, including their motivations, malware characteristics, and how long they have been in operation
    3. Code reuse connections and other artifact similarities between Chinese threat groups: ChinaZ, Nitol, MrBlack, Iron Tiger APT, and others
    4. Chinese Gh0stRAT variant case study
    5. Summary of the research findings and suggestions for future points of investigation

    Key takeaways:

    DDoS botnets are prevalent in China’s cybercrime ecosystem
    DDoS attacks are not limited to nation-states pursuing politically motivated goals
    TTPs and artifact overlaps exist between many Chinese cybercrime groups
    Chinese threat actors value collaboration, evidenced by the large portions of code reuse present among malware belonging to threat groups with Chinese origins

    To learn more, download the Chinese DDoS Threat Landscape report.

    Overview of the findings

    *This research was presented during Virus Bulletin Conference 2019, an international threat intelligence event covering topics such as APTs, botnets, research tools, software testing, cybercrime, and ethics.



    © Intezer.com 2022 All rights reserved