While Russians prepare for their presidential election on March 4, attackers already are ahead of the game, having begun a series of DDoS attacks against several media sites and at least one site belonging to a candidate. The attacks are coming from several different botnets, but so far haven’t had the desired effect of completely taking the sites offline.
Researchers monitoring DDoS attacks across the Internet said Wednesday that a variety of different botnets had begun targeting several sites belonging to Ufa Journal, a Russian newspaper, as well as a separate media site and one site owned by a political candidate.
“Inspection of our botnet tracking logs from Project Bladerunner show multiple sites under attack recently that appear to be politically motivated. Four are news sites (three belong to journalufa). The other is a candidates site, and all attacks are ongoing. The botnets here are Dirt Jumper and Black Energy. Despite press that the radio station Echo Moscow is getting political pressure for it’s pro-change reporting, we haven’t yet seen their properties struck by attacks as we have in the past,” Jose Nazario of Arbor Networks wrote in a blog post on the attacks.
Politically motivated attacks of this kind have become more and more common in recent months and years as groups agitating for change in countries such as Syria, Iran, Russia and elsewhere have turned to such tactics to help further their cause. Various groups have attacked their rivals’ sites and media sites that are sympathetic to causes they themselves don’t support. This has been particularly prevalent around the time of elections in these countries as disparate groups attempt to suppress their rivals’ messages and agendas.
The main site of Ufa Journal was accessible Thursday morning but researchers said that the attacks still are ongoing at this point. Vitaly Kamluk, a researcher at Kaspersky Lab who tracks DDoS attacks and botnets, said that there were several different variants of the Ruskill botnet launching attacks against the Ufa Journal sites right now.
Four separate Ruskill botnets are targeting various properties owned by Ufa Journal at this point, including journalufa.com, openufa.com and journalufa.livejournal.com.