Hackers Use VPNs and Proxies for DDoS Attacks on Russian Organizations
As Russian authorities have started blocking foreign traffic based on geographic location, hackers are seeking alternative channels to carry out DDoS attacks. Reports indicate that they are now using VPN services, proxies, and user devices with Russian IP addresses—including routers, baby monitors, and smart cameras—which are combined into botnets.
According to the Telegram channel IT Army of Ukraine, hackers have begun using VPN and proxy services, as well as user devices, to bypass Russia’s geographic traffic filtering. The publication “Kommersant” notes that back in April, Roskomnadzor and the presidential administration planned to upgrade equipment used to enforce the sovereign internet law and to create a federal system for DDoS protection based on this equipment.
Now, as “Kommersant” reports, citing a source familiar with the situation, since March the Ministry of Digital Development, together with Roskomnadzor, has started using this equipment to filter traffic by geographic location at Russia’s borders. As a result, attackers are forced to find ways to bypass these defenses.
“This can be done by renting VPN, proxy, or VPS services from providers located in Russia, or by using various botnets that combine infected devices within Russia. Most botnet networks at the moment are made up of various infected smart devices or simply personal computers,” commented Alexey Novikov, director of the Positive Technologies Expert Security Center.
With the blocking of foreign traffic, attackers have started choosing devices located within the Russian address space, agrees Alexander Lyamin, founder of Qrator Labs: “This method of bypassing IP-based blocks has existed before, and it proves that geolocation-based traffic filtering is ineffective.”
Alexander Gutnikov, an expert at Kaspersky Lab, notes that “botnets made up of user devices are relatively small and not very powerful, but they are practically free for the owner and, most importantly, numerous.”