#ddos


📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #11/2025 is out!

It includes the following and much more:

➝ Alleged Co-Founder of #Garantex Arrested in India;

➝ X Suffered a #DDoS Attack;

➝ Microsoft #PatchTuesday Fixes 7 Zero-days;

➝ UK Hospital Discovered 5,000 to 10,000 Unknown Devices Connected to its Network;

➝ #NVIDIA Chips Smugglers Granted Bail in Singapore;

➝ #Tenable tested #DeepSeek's Ability to Generate #Malware;

➝ #OpenAI labelling DeepSeek as "state-controlled";

➝ New #Jailbreak Method called Context Compliance Attack (CCA) Works Against Most #AI Models

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/


Oh really it was Ukraine that took down X on March 10? Not so fast.

Independent security researchers found evidence that some X origin servers were not properly secured behind DDoS protection, and researchers noted they did not even see Ukraine in the breakdown of the top 20 IP address origins involved in the attacks. wired.com/story/x-ddos-attack- #X #Musk #DDoS #cyberattack #cybersecurity #security #Ukraine #BotNet #Internet

No, Elon — X DDoS was NOT by Ukraine

#X marks the botnet: #Outage outrage was a Ukrainian cyberattack, implies our favorite African billionaire comedy villain.

The social media platform formerly known as #Twitter went offline earlier this week. It was swamped by wave after wave of distributed denial of service attacks (DDoS). Now-owner #ElonMusk (pictured) has been telling everyone the #DDoS traffic came from Ukraine.

O RLY? That’s “garbage,” say experts. In #SBBlogwatch, we never stopped calling it Twitter.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/03/


"The social network X suffered intermittent outages on Monday, a situation owner Elon Musk attributed to a “massive cyberattack.” Musk said in an initial X post that the attack was perpetrated by “either a large, coordinated group and/or a country.” In a post on Telegram, a pro-Palestinian group known as Dark Storm Team took credit for the attacks within a few hours. Later on Monday, though, Musk claimed in an interview on Fox Business Network that the attacks had come from Ukrainian IP addresses.

Web traffic analysis experts who tracked the incident on Monday were quick to emphasize that the type of attacks X seemed to face—distributed denial-of-service, or DDoS, attacks—are launched by a coordinated army of computers, or a “botnet,” pummeling a target with junk traffic in an attempt to overwhelm and take down its systems. Botnets are typically dispersed around the world, generating traffic with geographically diverse IP addresses, and they can include mechanisms that make it harder to determine where they are controlled from.

“It’s important to recognize that IP attribution alone is not conclusive. Attackers frequently use compromised devices, VPNs, or proxy networks to obfuscate their true origin," says Shawn Edwards, chief security officer of the network connectivity firm Zayo."

wired.com/story/x-ddos-attack-

WIRED · What Really Happened With the DDoS Attacks That Took Down X, by Lily Hay Newman

This is NOT a good thing; and there's a big stinky rat here. I very much question the combination of "pro-Palestinian" and "Russian geopolitical interests" in the same sentence. If this is actually a Russian threat actor, then it's attacking Moscow's allies. If this is a "pro-Palestinian" threat actor, then expect more mass punishment against Palestinians, whether you're guilty or not. Things being the way they are, I am very suspicious about the origins of this group.

The last time something like this came up, it turned out to be a bunch of Kenyan kids paid to disrupt humanitarian aid to Palestinians while pretending to be pro-Palestinian. What are the odds?

It's important to note what Orange Cyberdefense says about DarkStorm: "Although seemingly pro-Palestinian, their actions also appear aligned with Russian geopolitical interests" orangecyberdefense.com/global/

DarkStorm: orangecyberdefense.com/fileadm

"A pro-Palestinian hacktivist group claimed responsibility for the attack, providing evidence to back their claims."

Bitdefender: Hacktivist Group Claims Cyberattack That Spurred Multiple X Outages on Monday bitdefender.com/en-us/blog/hot @bitdefender #cybersecurity #infosec #Musk #DDoS

The material for Monday's workshop at PROSA has now been updated a bit.

DDoS simulation where we gather around some network equipment and learn to send network packets, MANY MANY network packets

github.com/kramse/security-cou

As always, the material may be shared and copied, and I usually hold the same workshop at BornHack, so maybe you should put it in your calendar

GitHub · security-courses/presentations/pentest/simulated-ddos-workshop at master · kramse/security-courses

I've been working on an automated triager for the frequent volumetric DDOS we see against www.bbc.com & www.bbc.co.uk.

The idea is to use our edge access logs (stored in BigQuery) to isolate & describe the attack traffic then recommend any additional mitigations/filters etc. It also gives us a database of DDOS metrics/sources we can reference.

Obviously I had to add the obligatory pew-pew map.