A new DDoS-as-a-Service (DDoSaaS) platform named ‘Passion’ was seen used in recent attacks by pro-Russian hacktivists against medical institutions in the United States and Europe.
A DDoS (distributed denial of service) attack is when threat actors send many requests and garbage traffic to a target server to overwhelm the server and cause it to stop responding to legitimate requests.
DDoSaaS platforms rent their available firepower to those looking to launch disruptive attacks on their targets, absolving them from the need to build their own large botnets or coordinate volunteer action.
Typically, these botnets are built by compromising vulnerable IoT devices such as routers and IP cameras, uniting them under a large swarm that generates malicious requests toward a particular target.
Radware discovered the Passion platform, and although its origins are unknown, the operation has distinctive ties with Russian hacking groups, suck as Killnet, MIRAI, Venom, and Anonymous Russia.
“The Passion Botnet was leveraged during the attacks on January 27th, targeting medical institutions in the USA, Portugal, Spain, Germany, Poland, Finland, Norway, Netherlands, and the United Kingdom as retaliation for sending tanks in support of Ukraine,” said Radware researchers.
A passion for DDoS
The operators of the Passion DDoS platform first promoted their service at the beginning of January 2023, performing several defacements on Japanese and South African organization sites.
Promotional Passion defacement (Radware)
The service operates as a subscription, where “customers” can purchase desirable attack vectors, duration, and intensity.
Passion offers the option of ten attack vectors, allowing subscribers to customize their attack as needed and even combine vectors to bypass mitigations implemented by the target.
The supported attack methods are:
- HTTP Raw
- UAM Browser
- HTTPS Mix
- DNS l4
- Mixamp l4
- OVH-TCP l4
- TCP-Kill l4
As for the cost of the service, a seven-day subscription costs $30, a month costs $120, while a full year sets back threat actors $1,440. Accepted payment methods include Bitcoin, Tether, and the Russian payment service QIWI.
Passion uses the Dstat.cc measurement service to showcase its L4 and L7 attack capabilities and effectiveness against DDoS mitigation providers like CloudFlare and Google Shield.
Demoing Passion’s power on Dstat.cc (Radware)
In October 2022, a pro-Russian DDoS crowdsourcing project named ‘DDOSIA’ launched, paying volunteers who took part in attacks and awarding significant amounts to those with the highest contributed firepower.
Passion is added to an already flourishing DDoS ecosystem, increasing the problem for organizations worldwide that are the recipients of these attacks.