British authorities have taken down the hacker group DigitalStress. The collective was known for large-scale DDoS attacks using the innovative DDoSia toolkit.
The Northern Ireland Police Service PSNI previously arrested an individual suspected of running the DigitalStress site. This individual is known by the username Skiop. At the hands of the NCA operation, the website was taken down, in cooperation with the PSNI and U.S. FBI. Visitors will now see a National Crime Agency notification on DigitalStress’ .su domain. According to the NCA, cybercriminals usually think that this Soviet domain protects them from such infiltrations and takedowns.
An earlier FBI operation in December 2022 took down several tools and services used for cyber attacks. This led to the downing of 48 popular “booter” sites, the NCA reports. A ‘booter’ site contains DDoS-for-hire services, allowing even the least skilled malicious to launch a cyber attack for a fee.
DDoSia
DigitalStress used the DDoSia project, a toolkit for pro-Russian hackers to target targets in countries critically opposed to the invasion of Ukraine. Fellow hackers of NoName057(16) also used DDoSia.
DDoSia was initially written in Python. That proved inefficient, Avast describes, so it was translated into the Go programming language. Unlike Python, Go compiles directly to machine code, which speeds up the running of it. Newer versions of DDoSia are multiplatform too, with variants for Windows, macOS, Linux and Android.
DDoS attacks are, on the one hand, easy to set up and, on the other, somewhat easily mitigated. Preventing them entirely, however, is virtually impossible. A takedown of Command & Control (C2) servers is the most effective technique to get rid of DDoS attacks. This happens on a regular basis. A special party trick from DDoSia is that it seems to update automatically rather quickly. Within a few hours, every client, a necessary accomplice to achieve DDoSs, has been updated. This keeps DDoSia a moving target.
DigitalStress caught
DigitalStress’ software is thus quite sophisticated and difficult to take down. The group itself is currently disabled, though that may be temporary. Possible members of the group in the United Kingdom can expect a visit in the near future.
Also read: DDoS attacks are getting easier and more complex at the same time