Mother of the Threats: Threat as a Service

Anonymous Russia’s botnet service Tesla-bot announced a new malicious service model on its Telegram channel. This new type of service and concept, which they call TaaS (Threat as a Service), appears to be a platform that will include Stealer, Ransomware, Pen-Test Tools, and Tesla Bot’s DDoS features. The announcement was made by Radis, who was appointed as the leader of Anonymous Russia by KillMilk. It also states that there will be an attempt to integrate the source code of a ransomware group named ****Bit (possibly LockBit, since its previous versions have already been leaked) into the TaaS platform.

Figure 1. Announcement of the TaaS (Threat as a Service) by Radis.

Potential Impact and Hacktivist Drama

Even though it is still unclear how functional this new service will be, it is necessary to understand who will add this to their malicious arsenals and how it can be used.

The threat actor nicknamed Radis, who made the TaaS announcement, was appointed as the head of Anonymous Russia by KillMilk (ex and de facto leader of KillNet) after Anonymous Russia’s ex-leader was caught by the authorities. KillMilk, who refers to Radis as “our baby,” joined KillNet’s collective with Anonymous Russia. Although there are occasional disagreements, Anonymous Russia, its botnet TeslaBot, and the threat actors Radis and KillNet are affiliated.

Figure 2. KillNet’s Telegram channel, Radis is one of the mentioned members. Hacktivist threat actors continue to have problems among themselves. (Russian to English, Auto Translate)

The threat actor claimed to be Radis constantly changes his statements, decisions, and claims, but he remains a frequently heard threat actor in the Russian hacktivist world. TeslaBot, which had previously said it would stop its operations, announced its new version last August. As mentioned above, it looks like this new bot will be included in this TaaS platform.

Although it is uncertain whether the threat actor will be able to fulfill his claim, this platform falling into the hands of other hacktivists seems to be a significant threat. Russian hacktivist groups focusing on DDoS can already create constant disruptions, so the prospect of them also accessing ransomware capabilities seems to be a worrying outcome.

Follow Dark Web activities with SOCRadar

As cyber threats change and evolve day by day, organizations and users must keep up with them, and keeping up means taking a proactive approach. Although organizations can’t track Dark Web events and threat actors, SOCRadar can help you in this regard. SOCRadar offers a comprehensive Dark & Deep Web Monitoring solution designed to empower organizations in recognizing and addressing threats spanning the surface, deep, and dark web. Leveraging our unmatched reconnaissance capabilities and threat assessment expertise, we furnish actionable insights to support your proactive organizational security efforts. The integration of automated external cyber intelligence with a specialized team of analysts equips SOC teams to manage and safeguard their external environment beyond their defined perimeters.

Figure 3. SOCRadar Dark Web Monitoring

The post Mother of the Threats: Threat as a Service appeared first on SOCRadar® Cyber Intelligence Inc.