
This Russian botnet does far more than DDoS attacks - and on a massive scale

May 19, 2022 Hi-network.com

An investigation into the Fronton botnet has revealed far more than the ability to perform DDoS attacks, with the exposure of coordinated inauthentic behavior "on a massive scale."


On Thursday, cybersecurity firm Nisos published new research revealing the inner workings of the unusual botnet. 

Fronton first hit the headlines back in 2020 when ZDNet reported that a hacktivist group claimed to have broken into a contractor for the FSB, Russia's intelligence service, and published technical documents appearing to show the construction of the IoT botnet on the intelligence service's behalf.

At the time, it was thought that the botnet was destined to perform distributed denial-of-service (DDoS) attacks on a vast scale. However, after analyzing further documents related to Fronton, Nisos believes that DDoS attacks are only one of many capabilities. 

Instead, Nisos says Fronton is "a system developed for coordinated inauthentic behavior," and the implementation of particular software, dubbed SANA, shows that the botnet's true purpose could be the rapid, automated spread of misinformation and propaganda.

SANA consists of a web-based dashboard and a variety of functions, including:

  • Newsbreaks: tracks messages, trends, and their responses
  • Groups: bot management
  • Behavior Models: functions for creating bots able to impersonate human social media users 
  • Response Models: how to react to messages & content including breaking news
  • Dictionaries: stores phrases, words, quotes, and comments for use across social media, including positive, negative, and neutral reactions
  • Albums: stores image sets for platform bot accounts.

SANA also permits users to create social media accounts with generated email and phone numbers and to spread content across social networks, blogs, forums, and more. In addition, users can set schedules for posts/reactions, and configuration includes how many likes, comments, and reactions a bot should create. 

According to the researchers, Fronton operators can also specify how many 'friends' a fake bot account should maintain. 

"The configurator also allows the operator to specify a minimum frequency of actions, and a minimum interval between actions," the researchers say. "It also appears that there is a machine learning (ML) system involved that can be turned on or off based on behavior observed on social media."

As of April 2022, the web portal has moved to a different domain but remains active.
