Armada Collective DDoS threats were fake, but still scored thousands of dollars

A group of would-be cybercriminals sent empty DDoS attack threats to several sites and online services demanding ransoms to the tune of thousands of dollars.

The group claimed to be the shadowy hacker organization Armada Collective, the same group that allegedly carried out a DDoS campaign on Protonmail last year. However, Cloudflare has called out these DDoS threats as fake.

“To date, we’ve not seen a single attack launched against a threatened organization,” said CEO Matthew Prince. Cloudflare compared its notes with other DDoS mitigation and security firms, he said, and found the same thing.

While the threats were fake, the extortion was not. Chainalysis told Cloudflare that many sites did indeed pay up to avoid the perceived threat of a DDoS attack, and the bitcoin address associated with the email threats received up to $100,000 in transactions.

Many of the email threats to services like BlackVPN and SCRYPTmail looked very similar. Prince pointed out that this was one of the flaws in the plan. As the extortion money is demanded in bitcoin, which is for the most part anonymous, there was no way for “Armada Collective” to determine which sites had actually paid and who shouldn’t be DDoS’d.

Coupled with the lack of actual attacks that occurred, Cloudflare deduced that these were all empty threats. Most likely the unknown group was piggy-backing off the reputation that the other Armada Collective had built for carrying out DDoS attacks. That group hasn’t been active since November of last year.

Now that same group of pretenders, according to Cloudflare, has supposedly adopted the mantle of Lizard Squad, another hacker group that was most infamous for attacking PlayStation and Xbox networks.

Cloudflare’s Justin Paine notes that these latest DDoS threats appear very similar and even reuse the same bitcoin address. Once again, no attacks have been recorded.

“Similar to the group claiming to be the ‘Armada Collective’, there is a general consensus within the security community that this group claiming to be the ‘Lizard Squad’ is not in fact actually the group they claim to be,” Paine said. “This is another copycat.”

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…