Who hit Spamhaus with DDoS strike?
The anti-spam organisation may have been hit with a DDoS by wikileaks.info organisers.


Spamhaus was hit with a distributed denial of service (DDoS) attack after it released info about a WikiLeaks mirror site, but there is some confusion over who was behind the strike.
Last week, the anti-spam organisation put out a warning that wikileaks.org was redirecting web traffic to third-party mirror site wikileaks.info, a space Spamhaus said was a known hive of activity for Russian cyber criminals.
Spamhaus's main concern was the security of the website's IP address space, Webalta's 92.241.160.0/19; it did not have any anti-WikiLeaks agenda.
"We do have an interest in preventing spam and related types of internet abuse however and hope that the WikiLeaks staff will quickly address the hosting issue to remove the possibility of cyber criminals using WikiLeaks traffic for illicit purposes," the organisation said.
On 18 December, Spamhaus was hit by a large DDoS attack and eyes turned towards the Anonymous hacking group, which has been known to target organisations that pulled support for WikiLeaks.
However, security professionals have indicated those running the WikiLeaks mirror site appeared to have been responsible.
"It was found to be PCs that had been hijacked by malware and were being used against their will to attack the Spamhaus services," explained Chester Wisniewski, senior security adviser at Sophos, in a blog.
"Those who commanded the attack are likely those that are hosting both wikileaks.info and the command-and-control servers used to instruct large quantities of zombied PCs to do their bidding."
Wisniewski advised those wanting to see the confidential cables to head to the official WikiLeaks site, which can be found at http://wikileaks.ch.
Last week, wikileaks.info rebuffed the claim it was hosting malicious activity.
"We find it very disturbing that Spamhaus labels a site as dangerous without even checking if there is any malware on it," the site's organisers said.
"We monitor the wikileaks.info site and we can guarantee that there is no malware on it."
In an update yesterday, wikileaks.info said it was unsure whether a Spamhaus suggestion that the mirror site's hosting provider, Heihachi, was behind the DDoS attack was true.
"Bottom line: we are a group that supports WikiLeaks with no connection to cyber criminals," the organisers added.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.