DDoS Attacks Against Japan

Uploaded on 2024-10-21 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

On October 11, 2024, the Ministry of Foreign Affairs of the Russian Federation (MID) published an interview expressing concern over Japan's increasing militarisation.

MID was particularly concerned over its rising defense budget, development of pre-emptive strike capabilities, and involvement in US-led military exercises and joint ballistic missile-defense research and cooperation.

In support of these concerns, two pro-Russian threat actors, NoName057(16) and the Russian Cyber Army Team, launched a series of high-impact DDoS attacks three days later, on October 14-16, 2024.

The slight delay occurred because NoName057 had recently been focused on attempting to disrupt the Belgian elections which took place over the previous weekend, this included more than 30 configuration updates sent with near exclusive Belgium targets for government, logistics, and election sites.

This incident underscores the coordination between these two threat actors as we have observed on multiple occasions.

Half of the attacks targeted the Logistics & Manufacturing sector, with a particular focus on harbors and shipbuilding; this is consistent with NoName057(16)’s typical approach.

The second-largest target group of attacks were directed towards government, political, and social organisations, including the political party of Japan’s newly elected prime minister, with the likely intention of generating significant publicity by attacking high-profile targets.

Attack Vectors

NoName057(16) has used every attack capability of the DDoSia botnet, employing a wide range of direct-path attack vectors against multiple targets. Currently approximately 40 targeted Japanese domains have been identified. On average, each domain is hit by three attack waves, utilizing four distinct DDoS attack vectors, utilising approximately 30 different attack configurations to maximise attack impact.

All identified target domains were subject to at least one type of TCP packet-flooding, with TCP SYN-floods being the most prominent. Additionally, over two-thirds of the websites experienced HTTP-based attacks, further intensifying the attack campaign.

Over the course of three days, it was observed that all new C2 server updates occurring between 16:00 to 22:00 in Japan, which corresponds to typical working hours for the Russian-aligned group.

Recent DDoS Attacks in the Larger DDoS Ecosystem

NETSCOUT's Automated Intelligene Feed ( AIF) tracks validated DDoS attack sources and is especially effective in empowering organisations to effectively mitigate high-visibility DDoS attacks such as those observed over the course of this attack campaign. Researcers at NETSCOUT report approximately 2,000 DDoS attacks targeting Japanese networks daily and while the recent attacks are impactful, they do not significantly impact the overall threat landscape of the region.

Conclusion

These events shpw how the Russia-aligned threat actors NoName057(16) and the Russian Cyber Army Team coordinated their efforts in attacking Japanese entities in the logistics & manufacturing sectors, and governmental organisations.

While these activities do not dramatically alter the overall threat landscape, as DDoS attacks continue to affect organisations globally, implementing robust detection and mitigation strategies remains crucial for maintaining digital availability.

Netscout | Russuan Federation Ministry of Foreign Affairs | Govinfo Security

You Might Also Read:

Japan Will Use AI To Secure Critical Infrastructure:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.