Siberian Network Brigade & the Second Chechen War
Introduction
When you look at the history of “cyberwar”, both in reality and as a concept, there are two big inflection points. The first was in the late 90s, when nationalist hackers, hacktivists and online troublemakers started becoming involved in international conflicts. The second was in 2022, when Russia invaded Ukraine and a new professionalised era of hacktivists and nation state backed orchestration and coordination of attacks began.
There are already some realhackhistory blogs about physical conflicts that had online elements, like the Kosovo War in 1999, and political or diplomatic conflicts between countries that nationalist hacktivists became involved in, like the attacks on Indonesian websites by Chinese hackers in 1998.
Russian hacker groups like Chaos Hackers Crew and KpZ became involved in the Kosovo War, but these were hacker groups that existed before the war and had already been defacing websites – although previously for online clout, not political ideology.
Photo from newsru.com article on the Siberian Network Brigade, January 30th, 2002
This blog is about a Russian hacktivist group that seems to have formed for specifically political reasons in response to geopolitical events. The group was called the Siberian Network Brigade. While a lot of the details are murky and some of the primary sources are lost to time, the history of this group is linked to how the Russian state came to view hackers and hacking as an extension of national power.
Where necessary, I have relied on automated translation from Russian language sources.
The Second Chechen War
Russian troops in Grozny, February 2000, Dmitry Belyakov / AP
Detailed accounts of purely physical military conflicts are beyond the scope of this blog, but there is a need to understand the circumstances that led to the creation of the Siberian Network Brigade to understand the history of the group itself.
In August of 1999 Islamist mujahideen fighters from Chechnya began armed incursions into the Russian Republic of Dagestan in support of Dagestani separatist rebels. The aim of the insurgents was a united Dagestan and Chechnya under an Islamic government and the expulsion of Russians from the region.
The battle between the Russian military and the combined forces of the Dagestani separatists and Chechen insurgents only lasted a month. Russia was able to defeat the mujahideen and force them across the border into Chechnya, but shortly afterwards, in September of 1999, a series of apartment bombings that killed hundreds hit four Russian cities.
Volgodonsk apartment bombing aftermath, 16th of September 1999
Although there were many inconsistencies in the details around these bombings and no conclusive proof linking them to Chechen fighters was ever shown, they were used as a pretext by then Russian Prime Minister Vladimir Putin to start the Second Chechen War.
The Second Chechen War would officially last until 2000, when Russia established military control over the country and installed a new government. Chechnya continued to be plagued by political violence for another decade and a half, with Russia declaring victory over the last remnants of the insurgency in 2017.
The Siberian Network Brigade
In the wake of the conflict in Dagestan and the apartment bombing attacks there was a swell of support from the Russian public for Prime Minister Putin and for a military campaign in Chechnya.
National Research Tomsk Polytechnic University (TPU)
In August of 1999, as the conflict in Dagestan was still ongoing, a group of students at Tomsk Polytechnic University in the Siberia region of Russia formed a group they called “Сибирскую сетевую бригаду” or Siberian Network Brigade.
An article on newsru.com from 2002 says that the group was run by a Tomsk Polytechnic student called Dmitry Alexandrov and that the group had seven members. Dmitry Alexandrov is said to have moved from Grozny to Tomsk in 1996, and the creation of Siberian Network Brigade is said to have been inspired by “unknown” people who managed to sabotage the Yahoo! page reference for a Chechen separatist group homepage. The newsru.com article states that after that “all the efforts of the Russian community gradually reduced to DOS-attacks.”
According to some Russian media sources the group launched DDoS attacks against websites run by Chechen militants and managed to deface the homepage of “Kavkaz Center” or “Caucasus Center”, a website that carried messages from the Chechen militants to followers and potential recruits online.
While I have been unable to find a screenshot of the actual 1999 defacement of the Kavkaz Center, it was described in the Russian media as carrying an image of the writer and poet Mikhail Lermontov in a camouflage uniform with a Kalashnikov assault rifle. Accompanying text read: “Here was Misha. This website of terrorists and murderers was closed at the request of the Russians” and “with the websites of terrorists and murderers will always be like that!”
It is seemingly impossible to find any archives of website defacements attributed to Siberian Network Brigade, but their various hacks were definitely given coverage in Russian media around the time that they were supposed to have taken place. Many articles from the time the group was active are still online.
Photo from newsru.com article on the Siberian Network Brigade, January 30th, 2002
In 2002, according to gazeta.ru, the group was again able to deface the Kavkaz Center homepage, this time with the accompanying (auto-translated from Russian) text:
“We snatched a sting from the stinking mouth of the Gavghav Center, and silence hanged over the light of Chechen terrorists. Swelled at the barking of the ducks. A bandit machine was silent in the mountains. Did not send money to the Chechen mercenaries cunningly an Arab. I’ve saddled the evil Taliban in Afghanistan. If you shut up tomorrow, the world will become even calmer and safer. Participate in the “Stody Burnhouse” contest. Conditions – it is not easy: the first, hit the “Gabgwa-center” in the teeth when trying to open the mouth, the second, hit the teeth of the peddle of his shit, the third, beat the teeth of their defenders. The best award is the admiration for the brothers on-line shop and the happy, flooded with the sun tomorrow. “Siberian Network Brigade”.
How Russia fought the “Caucasus Center”, gazeta.ru, 9th of March, 2006
What all the articles about the group seem to agree upon is that in parallel with any potentially illegal activity the group might have been engaged in, they were also committed to outreach to U.S. newspapers, American law enforcement agencies and Canadian and American hosting companies who provided hosting to the main three Chechen separatist websites.
Pressure from Siberian Network Brigade and other Russian activists succeeded in having hosting for prominent Chechen separatist sites pulled first by a Canadian company called WebHosting.Com Inc, then by their next host, a U.S. company called XO Communications.
XO Communications, according to Russian media accounts, was contacted by the FBI in 2001 over their hosting of Kavkaz Center and other Chechen sites after tip-offs from Russian activists. In all it seems that Kavkaz Center had to move hosting companies at least 4 times in the period of 1999 through to 2002. Around this time there was also a domain seizure that forced the site to move to a new domain.
By all accounts the Siberian Network Brigade dissolved in 2003 despite stating in 2002 that their intention was to “unite the brains” with other computer science students from universities in Omsk, Kemerovo and Novosibirsk. What the members went on to do after the group ceased operating is unknown, although it is very possible that finishing university and entering the work force caused members to evaluate their priorities as often happens with hackers.
Allegations of FSB Collusion
From the outset there were claims from Chechen separatists that Siberian Network Brigade were part of, or operated at the behest of, the Russian FSB state security services.
Chechen spokesman Movladi Udugov even went so far as to give a November 2002 interview to Reuters journalists in which he directly accused the Russian security services of attacking the Kavkaz Center and Chechen Press websites with DDoS attacks. “We are amazed Russia’s special services can operate so freely on U.S. territory,” he said, as both websites were hosted in the United States at that time.
Photo of Movladi Udugov from newsru.com article on the Siberian Network Brigade, January 30th, 2002
When looking at nationalistic hacktivist groups in the late 90s or early 2000s these kinds of claims came up a lot. For instance, Indonesian authorities accused the Chinese government of being responsible for attacks during their brief cyberwar.
While a lot of academic papers that deal with Russian hacking and reference the Siberian Network Brigade include allegations or implications of FSB direction, this most likely oversimplifies the dynamics between the group and the Russian government.
Even though the actual documents seem lost, I found references to a now-deleted gazeta.ru article about Siberian Network Brigade that I was able to retrieve through the Wayback Machine that included quotes from a Tomsk FSB statement issued in 2002 on the group and their activities. Based on this and the few other articles I can find that referenced that FSB press release, it stated that the actions of the Siberian Network Brigade “do not contradict Russian law” and that their hacking operations “are an expression of their civic position, which is worthy of respect”, adding “the term “hackers” does not apply” to the group of students.
Illustration from February 2002 newsru.com article on Siberian Network Brigade
Newsru.com’s article states that:
In the press release, as follows from the media, the main tool for the struggles of the Tomsk students with the ideologues of the separatists are letters and requests sent to the US government authorities, American media and private funds informing about the use of the Internet space by terrorists.
“The FSB does not see a violation of the law in the actions of Tomsk hackers against the website “Caucasus-center””, newsru.com, February 2002
Looking at this in the context of the other articles and documents I was able to find, it seems as if the relationship between the Russian government and the Siberian Network Brigade is closer to illegal activity tolerated and encouraged by the Russian state, as opposed to direct coordination or operation by Russian security services.
Masyanya Email Worm
Courtesy of Kaspersky
Although there is no indication that this activity was related to Siberian Network Brigade, it felt like the 2002 Masyanya email worm is worth mentioning in this blog. The worm was named after what was then a popular adult-oriented animated web series called “Masyanya”. References to this web series indicate that the worm was primarily intended to infect Russians, or Russian speakers, as the lure detailed below would not have effectively tricked people unfamiliar with the series into clicking the attachment.
Above you can see Kaspersky’s screenshots of two of the lures used to spread the worm, with references to “a new film” about Masyanya, the main character of the web series, and Vladimir Putin who appeared in the web series as a character. Other variations of the accompanying email text included “Hi!!! Here’s a new episode of Masyanya. About Putin” and “Hi!!! Here’s a new film about Masyanya and VV Putin!!!”.
A screenshot from Masyanya
If an unwitting recipient clicked on the executable email attachment the worm installed itself. It was programmed to establish persistence, gain administrative privileges using the DebPloit exploit, disable some Outlook security controls and harvest the email contacts on the infected system to further propagate itself. It also added a new user account called “masynechkaa”.
Every Monday the worm was set up to use infected systems to hit kavkaz.org with a DoS attack, as part of a simple botnet of infected endpoints which would perform a DDoS. Eugene Kaspersky was quoted as saying of the worm, “we classify this case as a ‘proof-of-concept’ virus, warnings about which are intended to prevent the spread of other, more effective analogues. It is possible that they may appear in the future and exploit this same flaw.”
Conclusion
As part of writing this blog I looked at other hacking activity related to the Second Chechen War and the early period of the bloody occupation of Chechnya that took place in the years after the war. I reviewed copies of Russian hacker magazine XAKEP from 1999 through to 2002 and found very little about the conflict itself or hacking related to the conflict.
UkRteam defacement of http://www.chechnya.ru, January 2000 (?)
One news item stood out: a Ukrainian and Russian hacking group known as UkRteam defaced http://www.chechnya.ru in January of 2000 or 2001 (the accompanying short article was written in January of 2001 but lists the date of the defacement as 2000, which I suspect is a typo). The actual defacement itself is lost, but the article includes what appears to be a very low resolution screenshot of the altered website.
The same group was involved in anti-American website defacements during a conflict between Chinese and American hackers that took place in 2001, after a collision between a U.S. spy plane and a Chinese fighter jet.
Defacement of http://www.lifedeco.co.kr by UkRteam, April 2001
I may return to this topic as it seems odd to me that there were not more instances of Russian “patriotic hackers” (“хакеров-патриотов”) around this time, given how much support existed among Russian people for the conflict with Chechen Islamists and how active hacker groups aligned with Russia were around the Kosovo War.