Passion group, affiliated with Killnet and Anonymous Russia, recently began offering DDoS-as-a-Service to pro-Russian hacktivists. The Passion Botnet was leveraged during the attacks on January 27th, targeting medical institutions in the USA, Portugal, Spain, Germany, Poland, Finland, Norway, the Netherlands, and the United Kingdom as retaliation for sending tanks in support of Ukraine.
Passion Botnet
The origins of the Passion group remain unknown, but they have made their presence known recently, especially since the start of the new year. The group has been associated with defacement and denial-of-service attacks targeting individuals and organizations who do not support the Russian invasion of Ukraine.
Passion has a strong online presence through its Telegram channels, some dating back to March 2022. Other hacktivist groups, such as Anonymous Russia, MIRAI, Venom, and Killnet, have promoted Passion.
The Passion group's tactics, techniques, and procedures (TTPs) resemble those of the other hacktivist groups involved in the Russo-Ukrainian conflict. After conducting a denial-of-service attack, the group typically posts a link to a check-host[.]net page as evidence of their success.
Defacement Campaigns
The group responsible for the Passion Botnet carried out several defacement attacks over the past month to spread their message and raise awareness. The defacements primarily targeted small organizations in Japan and South Africa. The group's objective appears to be to use these attacks to draw attention to their botnet.
Figure 1: Passion Defacement left on the victim's website after a successful attack
Hacktivists and defacement attacks can pose a serious risk to targeted organizations. They can significantly harm an organization's reputation, causing a loss of trust and credibility with customers and stakeholders. The attacks can escalate to theft or compromise of sensitive information by moving laterally across the infrastructure from the breached web server. The attacks lead to downtime and can disrupt critical business processes, resulting in higher operational costs and impacting the overall efficiency of an organization. Additionally, breaches can lead to financial losses and legal liabilities. The aftermath of these attacks can be challenging. It may take considerable time and resources to discover the full impact and all affected systems after a breach incident. It is essential for organizations to take proactive measures and have complete visibility in their hybrid infrastructure to detect and assess the impact of breaches and defacements.
DDoS-as-a-Service
The group behind the Passion Botnet is currently offering access to the service, for a fee, to pro-Russian hacktivists via several Telegram channels. Over the years, DDoS-as-a-Service became a standard tool for hacktivists because it allows those without the ability to build and manage a botnet to launch significantly larger and more impactful attacks. DDoS services are generally sold on a subscription basis, allowing customers to choose their attack vectors, duration, and intensity.