Ukraine's vigilante IT army now has a DDoS bot to automate attacks against Russia

The Ukrainian flag generated digitally in the form of data
(Image credit: Getty Images)

Ukraine’s unofficial ‘army’ of IT vigilantes has developed a new automated attack tool to increase the effectiveness of its cyber attacks against Russian domains.

Its “attack automation bot” was built to help more people easily launch distributed denial of service (DDoS) cyber attacks against Russia. The new tool encourages individuals to donate their cloud resources to the bot, which is capable of launching a “coordinated attack from all the available servers”.

“To run all our attacks at the same time we recommend to use our new DDoS bot,” the group said on its website. “All you need is [to] send credentials to your servers to our bot and check how [the] attack is going via Telegram bot.”

Flow chart showing how the automated DDoS bot works

Should they wish to, supporters are also encouraged to purchase and share the credentials of new servers that can be bought for the sole purpose of strengthening the botnet's attack.

The organised group of cyber-savvy individuals who want to actively support Ukraine from afar has been growing in number since the start of the conflict. The group is assembled on Telegram and currently has more than 270,000 members.

The group’s members are fed instructions by leaders on a daily basis, complete with IP addresses, specific ports, and web domains that need to be targeted to disrupt the Russian regime as the war continues.

Past targets have included media organisations, banks, airlines, and app stores.

Russian cyber attacks against Ukraine have been large and sustained, starting weeks before the conflict broke out.

The Five Eye intelligence alliance confirmed last week that it believed with a high degree of confidence that Russia was behind the attacks on Ukraine in the early stages of the war.

The attacks on Ukrainian government websites in January, which also involved the use of the destructive Whispergate ‘wiper’ malware, were attributed to Russia’s military intelligence service, the GRU, as was the 24 February attack on communications company Viasat.


The Total Economic Impact™ of Mimecast

Cost savings and business benefits enabled by using Mimecast with Microsoft 365


The attack on Viasat was conducted one hour before the Russia invasion of Ukraine became official and it was later revealed to have had effects in wider Europe, as wind farms and individual internet users outside of Ukraine also suffered outages.

The collateral effects of the Viasat attack were the most visceral examples of the ‘spillover effects’ many experts believed would affect Europe in the ongoing war between Russia and Ukraine in cyber space.

Russia has a history of launching devastating attacks on Ukraine dating back many years. Some of the most significant incidents have involved the use of Petya malware and repeated targeting of the country’s power grid, firstly in 2015, then again in 2016, and most recently in April 2022.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.