
Zhadnost Botnet

A new malware strain has been found in use in DDoS attacks against Ukraine's digital infrastructure. The attacks took place immediately before and during the first several days of the Russian invasion of Ukraine. The researchers who analyzed its functionality and underlying code named the botnet malware Zhadnost. So far, three different attacks involving the threat have been identified.

Attack Details

The threat actors have been targeting Ukrainian government and financial websites continuously. More specifically, their targets appear to be the websites belonging to the following 7 entities:

  • Ukrainian Ministry of Foreign Affairs
  • Ukrainian Ministry of Defence
  • Ukrainian Ministry of Internal Affairs
  • Security Service of Ukraine
  • Ukrainian Cabinet of Ministers
  • Oschadbank
  • Privatbank 

The effectiveness of the DDoS (Distributed Denial of Service) attacks has been minimal, with the websites restoring normal functionality relatively quickly. It should be noted that the first detected attack combined Zhadnost with other botnets, while the subsequent attacks were carried out by Zhadnost alone. Attribution of the malware to a specific threat actor has not been possible with the currently available information, but it is rather likely that the cybercrime organization responsible for the botnet has ties to Russia.

Zhadnost Botnet Details

So far, over 3,000 unique IP addresses have been identified as infected with the Zhadnost botnet. The majority of the compromised devices are MikroTik routers that were breached through misconfigured DNS recursion settings or other vulnerabilities. The bots were then instructed to launch DDoS attacks through HTTP floods and DNS amplification. It should be noted that none of the currently known Zhadnost bots are located in Russia or Belarus; instead, they are spread across multiple countries on several different continents.
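As an added illustration (not part of the original entry or the researchers' analysis), the following Python flags the traffic pattern described above from a defender's side: many open resolvers answering with responses far larger than the queries that triggered them, all converging on one destination. The flow records, field layout and thresholds are constructed for this example.

```python
"""Flag DNS-amplification traffic in constructed flow records.

An open-recursion resolver abused as a reflector answers spoofed queries
with large responses aimed at the victim. In flow data that shows up as
UDP/53 responses from many distinct resolvers converging on one
destination, each much larger than the query it answers.
"""
from collections import defaultdict

# Constructed flow records, resolver-side view:
# (src_ip, dst_ip, src_port, bytes_out, bytes_in)
# bytes_out = response size, bytes_in = size of the query that triggered it.
FLOWS = [
    ("198.51.100.10", "203.0.113.5", 53, 3400, 64),   # amplified, victim A
    ("198.51.100.11", "203.0.113.5", 53, 3300, 60),   # amplified, victim A
    ("198.51.100.12", "203.0.113.5", 53, 3600, 70),   # amplified, victim A
    ("198.51.100.12", "203.0.113.5", 53, 3500, 70),   # same reflector again
    ("198.51.100.20", "192.0.2.8", 53, 120, 50),      # normal DNS answer
    ("198.51.100.21", "192.0.2.8", 53, 140, 48),      # normal DNS answer
    ("198.51.100.30", "192.0.2.9", 53, 4000, 60),     # one large answer only
    ("198.51.100.31", "192.0.2.9", 443, 9000, 100),   # not DNS at all
]


def amplification_suspects(flows, min_ratio=10.0, min_sources=3):
    """Return {destination: sorted reflector IPs} for destinations that
    receive high-ratio DNS responses from at least min_sources resolvers.

    A single large answer (DNSSEC, big TXT records) is not flagged on its
    own; the signal is many distinct reflectors hitting one target.
    """
    per_dst = defaultdict(set)  # destination -> reflectors with high ratio
    for src, dst, sport, out_bytes, in_bytes in flows:
        if sport != 53 or in_bytes == 0:
            continue  # only DNS responses; avoid division by zero
        if out_bytes / in_bytes >= min_ratio:
            per_dst[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in per_dst.items()
            if len(srcs) >= min_sources}


if __name__ == "__main__":
    for victim, reflectors in amplification_suspects(FLOWS).items():
        print(f"{victim} hit by {len(reflectors)} reflectors: {reflectors}")
```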

As Russia becomes more aggressive and ruthless in its actions against Ukraine, cybersecurity experts expect its efforts to disrupt key websites and digital platforms to intensify as well. This could mean that, despite the lack of impact from the current operations involving the Zhadnost botnet, the malware could be leveraged in more precise attacks against critical targets such as power generators, telecommunication services and military units.
