Lưu trữ UDP FLOOD - CMC CYBER SECURITY

05 Dec

RDoS ATTACKS BY FAKE FANCY BEAR

Written by: Aishee
0 Comments
Share
Technical blog

Recently, on Threat Intelligence collected some information about ransom denial-of-service (Ransom denial-of-service) attacks, the attacker asked for ransom for the victims to not be attack.

Those attackers extorted money from bullies by sending emails threatening the victims. Most attackers take the group's name Fancy Bear to take the reputation of this group to threaten the victims with fear. Attackers posing as the infamous Fancy Bear threatened to launch a DDoS attack if the ransom was not paid. In some cases, attackers have made small DDoS attacks to prove their capabilities and validate threats. The attacks are also confirmed by other security researchers.

In the same phase, CMC Cyber Security received support requests from an organization when they received the same threatening email

Some organizations that received this threat email also had a demo DDoS attack on their servers.

Vector attack (floods) uses protocols UDP and ICMP , especially the attacker was using UDP / 3283, this is a newly discovered attack vector on 06/2019.

Port UDP / 3283 is used by the protocol Apple Remote Desktop Application (ARD) and ARMS service.

Fancy Bear, also known as APT28 (Sednit group, Sofacy, Pawn Storm, Strontium, Tsar Team, TG-4127, Group-4127, TAG_0700, Swallowtail, Iron Twilight, Group 74) has been operating since 2004, Fancy Bear is an organization hackers specialize in attacking large organizations and governments with APT campaigns.

Can confirm is the group Fancy Bear has nothing to do with ransom denial-of-service (RDO) campaigns, their goal is mostly to crack and spy, while their target is to spend money on something Fancy Bear sponsored, just a bit of a threat to using social engineering.

The source ip is used by the attacker to use random for UDP Flood during the attack RDoS

CMC Cyber Security will only be partially public, if you want more please contact the details.

There are many methods to mitigate this type of DDOS attacks and it is not too difficult to implement. We will continue to apdate the specific details as soon as possible.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

RDoS ATTACKS BY FAKE FANCY BEAR

Recent Posts

Service

Products and solutions