Russian Botnet Fronton: More Than Just DDoS Attacks

On Thursday, the company Nisos published a new study describing the inner workings of an unusual botnet. Fronton first became known in 2020, when the hacktivist group Digital Revolution hacked an FSB contractor and released technical documents showing the creation of the botnet on behalf of the FSB. Until recently, it was believed that the botnet was designed to carry out large-scale DDoS attacks. However, according to an analysis of additional Fronton documents, DDoS attacks are only part of the botnet’s capabilities.

According to Nisos, Fronton is a “system for coordinated inauthentic behavior,” and the special SANA software suggests that the true goal of the botnet may be the rapid and automated spread of disinformation and propaganda.

SANA includes a variety of features, such as:

• News: Monitors posts, trends, and responses to them
• Groups: Manages bots
• Behavior Models: Creates bots that impersonate social media users
• Response Models: Reacts to posts and content
• Dictionaries: Stores phrases, words, quotes, reactions, and comments for use on social networks
• Albums: Stores sets of images for the platform’s bot accounts

SANA also allows users to create social media accounts with generated email addresses and phone numbers, as well as distribute content online. In addition, users can set a schedule for posts and configure the number of likes, comments, and reactions that a bot should generate. The botnet operator can also specify how many “friends” a bot account should have.

“The configurator also allows the operator to specify the minimum frequency of actions and the interval between them. Apparently, a machine learning system is involved, which can be turned on or off depending on the bot’s behavior on the social network,” the researchers said.