Fronton, a distributed denial-of-service (DDoS) botnet that came to light in March 2020, is much more powerful than previously thought, per the latest research.
“Fronton is a system developed for coordinated inauthentic behavior on a massive scale,” threat intelligence firm Nisos said in a report published last week.
“This web-based dashboard, known as SANA, allows users to create and distribute trending social media activities en masse. These events are created by the system, which it calls Infopovody (‘newsbreaks’), and use the botnet to distribute their content.”
The existence of Fronton, an IoT botnet, became public knowledge following revelations from BBC Russia and ZDNet in March 2020 after a Russian hacker group known as Digital Revolution published documents that it claimed were obtained after breaking into a subcontractor to the FSB, the Federal Security Service of the Russian Federation.
Further investigation traced the analytic system to Zeroday Technologies, aka 0Dt. Links were identified to the Russian hacker Pavel Sitnikov, who was charged with distributing malware via the Telegram channel.
Fronton functions as the backend infrastructure of the social media disinformation platform, offering an army of compromised IoT devices for staging DDoS attacks and information campaigns by communicating with a front-end server infrastructure over VPNs or the Tor anonymity network.
SANA is a tool to make fake accounts on social media and to manufacture newsbreaks, that is, events that generate information “noise”. It also aims to shape online discourse through a response model, which allows bots to respond to news stories in a positive, negative or neutral manner.
What’s more, the platform enables the operators to control the number of likes, comments, and reactions a bot account can create, as well as specify a numeric range for the number of friends such accounts should maintain. It also incorporates an “Albums” feature to store imagery for the bot accounts.
It’s unclear if this tool has ever been used in attacks against real people, whether by the FSB or the NSA.
Meta Platforms announced that it had taken steps to stop covert adversarial networks originating in Iran and Azerbaijan on its platform by taking down accounts and blocking domains from being shared.
A report by Mandiant Cybersecurity, published last week, revealed that cyber-security companies have conducted “concerted intelligence operations” following Russia’s invasion of Ukraine.
“Russia-aligned operations, including those attributed to Russian, Belarusian, and pro-Russia actors, have thus far employed the widest array of tactics, techniques, and procedures (TTPs) to support tactical and strategic objectives, directly linked to the conflict itself,” Mandiant noted.
“Meanwhile, pro-PRC campaigns and pro-Iran campaigns used the Russian invasion to opportunistically advance long-held strategic goals.”