FoxBlade Malware Botnet Targets Ukrainian Organizations

Russia's cyberattacks against Ukrainian targets employ all sorts of malware families. The hackers participating in these campaigns are focusing on destructive malware attacks that could take entire networks down, and to that end they have used a series of disk wipers such as the IsaacWiper Malware. However, it seems that the state-sponsored hackers also have a botnet at their disposal. Cybersecurity vendors identified the FoxBlade Malware, which appears to be used to build a botnet for carrying out distributed denial-of-service (DDoS) attacks. To grow that botnet, the criminals operating the implant aim to infect as many systems as possible, with little regard for a system's designation or location. The victims of the FoxBlade Malware DDoS attacks, however, have been determined to be mostly Ukraine-based entities and organizations.

It is likely that the FoxBlade Malware attacks have been active for a few months, but this is the first time that we have seen the botnet weaponized and in action. The criminals are targeting all sorts of devices in order to expand their botnet, including smart devices running on the ARM architecture.

The DDoS attacks that the FoxBlade Malware carries out can take systems offline for extended periods of time. It does not come as a surprise that the operators of the botnet have opted to go after targets that play a major role in several Ukrainian sectors, such as agriculture, finance, emergency services, and more.

DDoS botnets have always been a major threat, but private ones like the FoxBlade Malware are even more dangerous. They usually stay dormant for months at a time and only come into use when there is a major conflict, such as the one between Russia and Ukraine.

March 4, 2022