The hacktivist-friendly AI-based DDoS Tool was trained to solve Captchas


In the dynamic realm of cybercrime, where DDoS tools are a dime a dozen, one tool stands out: Stresser.cat. This Russian-born DDoS tool has stormed the underground hacking scene with its unparalleled ability to leverage AI for Captcha cracking. This distinctive feature sets it apart from the rest of the DDoS tools. But not for long.

The Early Days:

Stresser.cat first appeared on my radar on December 24, 2022, with the creation of its Telegram channel, “Stresser.cat [L7].” Operating under the domain stresser.cat, the tool quickly gained popularity among cybercriminals, particularly gamers, drawn to its user-friendly interface and powerful attack methods.

OSINT research by the Radware CTI team identified the online presence of Stresser.cat's main developer in the former Killnet Telegram, which might shed light on the tool's target audience.

Leveling Up:

What impressed me most about Stresser.cat was the technical and reverse-engineering skill with which its developers introduced new attack methods. In April 2023, they added HTTP-HAWK, HTTP-LUMINOUS, and HTTP-BLISS. However, the main capabilities came in September 2023 with the launch of HTTP-REACT, HTTP-FREE, HTTP-FUKU, and HTTP-REVUELTO, which allowed Stresser.cat to bypass various DDoS protection measures.

The AI Revolution:

Traditional DDoS tools often struggle with Captcha. Up until now, they have tended to handle this challenge in one of two ways:

  1. Captcha-solving services: relying on human intervention to solve challenges through third-party captcha farm solutions.
  2. Avoiding captchas at all costs: designing the attack's per-IP rate to stay below the target site's thresholds.

Stresser.cat developers had a different idea. In March 2024, they introduced an update to the HTTP-TESTAROSSA browser method that used a neural network system to solve hCaptcha and reCaptcha automatically.

This AI-powered Captcha-solving capability catapulted Stresser.cat to the forefront. By automating the process, the tool could launch attacks against a wider array of targets, maintain a higher rate of requests per second, and minimize downtime. In May 2024, the developers pushed the boundaries further, enhancing HTTP-TESTAROSSA to tackle even more intricate Captchas, such as the DDoS-Guard text captcha, using a custom-trained neural network.

Implications for Targeted Sites:

‘Grace period’ for DDoS: Upon solving a captcha challenge, a user usually gets a 5-10 minute “grace period” in which their traffic is whitelisted and does not go through inspection and mitigation. Therefore, choosing to solve the captcha instead of bypassing it allows Stresser.cat to send more requests per IP and thus minimize proxy usage and costs.

The emergence of AI-powered captcha solving with DDoS tools like Stresser.cat presents a pressing challenge for targeted websites. With its unique ability to solve Captchas automatically, Stresser.cat can bypass traditional defenses with minimal operation costs.
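A defender-side illustration of the grace-period point above, added here and not taken from the original article or any Radware product: a clearance gate that keeps inspecting traffic after a captcha is solved and revokes the clearance when the post-solve rate stops looking human. The thresholds, class and function names, and the replayed events are assumptions constructed for the example.

```python
from collections import deque
from dataclasses import dataclass, field

GRACE_SECONDS = 600       # upper end of the 5-10 minute grace period described above
WINDOW_SECONDS = 10       # sliding window for the rate check (assumed)
MAX_REQS_PER_WINDOW = 20  # assumed human-plausible ceiling; tune per site
GRACE_BUDGET = 300        # assumed total requests a single solve may buy

@dataclass
class Clearance:
    issued_at: float
    used: int = 0
    recent: deque = field(default_factory=deque)

class ClearanceGate:
    """Tracks captcha clearances but still inspects traffic during the grace period."""
    def __init__(self):
        self._clearances = {}

    def captcha_solved(self, client_id, now):
        self._clearances[client_id] = Clearance(issued_at=now)

    def decide(self, client_id, now):
        """Return 'allow' or 'challenge' for one request at time `now` (seconds)."""
        c = self._clearances.get(client_id)
        if c is None or now - c.issued_at > GRACE_SECONDS:
            self._clearances.pop(client_id, None)   # never cleared, or clearance expired
            return "challenge"
        while c.recent and now - c.recent[0] >= WINDOW_SECONDS:
            c.recent.popleft()                       # drop timestamps outside the window
        c.recent.append(now)
        c.used += 1
        if len(c.recent) > MAX_REQS_PER_WINDOW or c.used > GRACE_BUDGET:
            del self._clearances[client_id]          # revoke: one solve is not a free pass
            return "challenge"
        return "allow"

def replay(events):
    """events: (time, client, kind), kind is 'solve' or 'req'. Returns decision counts per client."""
    gate, counts = ClearanceGate(), {}
    for t, client, kind in sorted(events, key=lambda e: e[0]):
        if kind == "solve":
            gate.captcha_solved(client, t)
            continue
        counts.setdefault(client, {"allow": 0, "challenge": 0})[gate.decide(client, t)] += 1
    return counts

# Constructed sample: both clients solve a captcha at t=0, then behave very differently.
SAMPLE = [(0.0, "browser", "solve"), (0.0, "flood", "solve")]
SAMPLE += [(i * 5.0, "browser", "req") for i in range(1, 41)]   # one request every 5 s
SAMPLE += [(1 + i * 0.01, "flood", "req") for i in range(500)]  # about 100 requests/s
```

Calling `replay(SAMPLE)` shows the slow client keeping its clearance for every request while the flooding client is sent back to the challenge after its first 20 requests.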

Proof-Of-Power:

DDoS tool marketplaces are a shady corner of the web and Telegram, often filled with fraudsters and scammers. To establish their reputation among potential clients, DDoS tool developers therefore tend to demonstrate the effectiveness of their tools on dedicated Telegram servers: each developer manages a “proof of power” channel where they publish successful DDoS attacks on major websites as a proof of concept.

Stresser.cat developers have published the following incidents:

  • GitHub (October 9, 2023): Stresser.cat launched a successful attack against GitHub.com, a widely used version control and collaboration platform for developers worldwide. This attack demonstrated the tool’s ability to target and disrupt a well-defended tech company.
  • VK API (October 25, 2023): Stresser.cat targeted api.vk.com, the API endpoint for VK (also known as VKontakte), a popular Russian social networking service. By taking down the VK API, Stresser.cat demonstrated its effectiveness against social media platforms and their API infrastructures.

Conclusion

As a cybersecurity researcher, I have been impressed by Stresser.cat’s rapid evolution and AI-powered innovation. It stays ahead of the curve in introducing new features and attack methods that keep it at the forefront of the DDoS landscape.

The emergence of AI-powered DDoS tools poses a challenge for targeted websites, but cybersecurity professionals have the power to develop new strategies. By keeping up with the latest developments in threat actors’ underground economies and investing in training in advanced AI-powered defense systems, we can stay ahead in the battle against cybercrime.

Arik Atar

Arik Atar recently joined Radware's industry-leading Threat Research team, bringing his flavor of threat intelligence. While new to Radware, he draws on multifaceted expertise built across a 7-year career on the front lines of cyber threat hunting. In 2014, while completing his BA in International Relations and Counterterrorism at IDC University, Arik took his first steps on the darknet as part of his research on Iran-sponsored attack groups. On Bright Data, Arik uncovered both cyber adversaries'. He led investigations against high-profile proxy users that misused Bright Data's global residential proxy network to initiate mass-scale DDoS and bot attacks. In 2021, he moved from inspecting the attack logs from the attacker's view to inspecting the attack from the defender's point of view at HUMAN Security (formerly PerimeterX), where he leveraged multiple hacker identities he developed over the years to hunt cyber threat intelligence on application hackers. Arik delivered keynote speeches at conferences such as Defcon, APIParis, and FraudFights' Cyber Defender meetups. Arik’s diverse career path has armed him with unique perspectives on application security. His expertise combines strategic cyber threat analysis with game theory and social psychology elements.
