Tech

Zhadnost – Finding and Tracking a GRU-controlled Botnet


Tech 2 October 5, 2022 1:30 pm - 2:30 pm Feedback     

Bookmark and Share

Ryan Slaney

This presentation details the discovery and analysis of a new botnet, named Zhadnost, first discovered by the author conducting DDoS attacks on Ukrainian government and financial websites shortly before and during Russia’s invasion of Ukraine. The botnet was later used against Finnish Government websites, on the same date President Zelensky addressed the Finnish parliament, and against the Ukrainian Postal Service, on the day a controversial anti-Russian stamp was to go on sale. The presentation discusses the methodology and tools the author used to discover its bots, provides an analysis of its bots and how easy they are to find, how its impact can be mitigated, and attribution of the botnet to the Russian GRU. The presentation also compares and contrasts Zhadnost with the activities of another Russia aligned- botnet operator, KillNet, who has targeted dozens of US, European, and NATO websites with DDoS attacks.