Ukraine's vigilante IT army now has a DDoS bot to automate attacks against Russia

Ukraine’s unofficial ‘army’ of IT vigilantes has developed a new automated attack tool to increase the effectiveness of its cyber attacks against Russian domains.

Its “attack automation bot” was built to help more people easily launch distributed denial of service (DDoS) cyber attacks against Russia. The new tool encourages individuals to donate their cloud resources to the bot, which is capable of launching a “coordinated attack from all the available servers”.

“To run all our attacks at the same time we recommend to use our new DDoS bot,” the group said on its website. “All you need is [to] send credentials to your servers to our bot and check how [the] attack is going via Telegram bot.”

Should they wish to, supporters are also encouraged to purchase and share the credentials of new servers that can be bought for the sole purpose of strengthening the botnet's attack.

The organised group of cyber-savvy individuals who want to actively support Ukraine from afar has been growing in number since the start of the conflict. The group is assembled on Telegram and currently has more than 270,000 members.

The group’s members are fed instructions by leaders on a daily basis, complete with IP addresses, specific ports, and web domains that need to be targeted to disrupt the Russian regime as the war continues.

Past targets have included media organisations, banks, airlines, and app stores.

Russian cyber attacks against Ukraine have been large and sustained, starting weeks before the conflict broke out.

The Five Eye intelligence alliance confirmed last week that it believed with a high degree of confidence that Russia was behind the attacks on Ukraine in the early stages of the war.

The attacks on Ukrainian government websites in January, which also involved the use of the destructive Whispergate ‘wiper’ malware, were attributed to Russia’s military intelligence service, the GRU, as was the 24 February attack on communications company Viasat.

The attack on Viasat was conducted one hour before the Russia invasion of Ukraine became official and it was later revealed to have had effects in wider Europe, as wind farms and individual internet users outside of Ukraine also suffered outages.

The collateral effects of the Viasat attack were the most visceral examples of the ‘spillover effects’ many experts believed would affect Europe in the ongoing war between Russia and Ukraine in cyber space.

Russia has a history of launching devastating attacks on Ukraine dating back many years. Some of the most significant incidents have involved the use of Petya malware and repeated targeting of the country’s power grid, firstly in 2015, then again in 2016, and most recently in April 2022.