Published on: May 26, 2023
Distributed denial-of-service (DDoS) attacks were launched across the entire gaming industry via the new Dark Frost botnet.
In a DDoS attack, threat actors attempt to sabotage websites and services by generating massive amounts of traffic to overwhelm their servers and crash them. The targeted services, websites, products, or online games are rendered completely unable to function during the attack. This can also create vulnerabilities in the networks they target.
Botnets take advantage of compromised devices around the world to perform various activities against the hosts' will, oftentimes without their knowledge. They are built with malware that can come from a variety of sources and requires a good antivirus to beat.
Botnets can be used to steal data en masse, mine cryptocurrency for the hacker, or, as in this case, overwhelm target servers by flooding them with intense amounts of traffic. The attack was a User Datagram Protocol flood (UDP flood), which sends large volumes of UDP packets to a server and exhausts its resources as it attempts to process them.
Akamai, whose researchers discovered the new Dark Frost botnet, points out that the threat actor responsible has been active since May 2022, while the botnet was flagged by Akamai's systems in February.
Dark Frost appears to be an amalgamation of several other botnets that came before it. Researchers found elements of various malware strains, including QBot, Mirai, and Gafgyt. The threat actor even posted their services as a DDoS-for-hire group. The stolen code, DDoS attacks, and mercenary work are paired with one curious detail.
The hacker was publishing live recordings of their attacks on various social media websites.
“The actor was observed boasting about their achievements on social media, utilizing the botnet for petty online disputes, and even leaving digital signatures on their binary file,” Akamai said.