DDoS Empire Shutdown: The Why, What, When & How
Starting from the beginning of 2023, the FBI and other law enforcement agencies worldwide have come together in a united effort to combat cybercrime, with a specific focus on ransomware. This alliance has already resulted in significant arrests, including those of individuals associated with Pompompurin and LockBit, as well as the dismantling of the Hive ransomware group’s infrastructure. Furthermore, this collaborative effort has successfully led to the shutdown of a prominent DDoS group known as DDoS Empire.
Traditionally, the FBI targets Onion sites in their takedown operations. However, in the case of DDoS Empire, the FBI went a step further and took down and seized the group’s Telegram channel itself (refer to Figure 1).
Who Is DDoS Empire?
DDoS Empire emerged in May 2022, with Amazon as its first victim (Figure 2). The group attacked at least 200 victims during its period of activity, targeting large organizations such as LinkedIn, Interpol, Spotify and Twitter.
DDoS Empire’s attacks were executed by flooding a target system or network with an overwhelming volume of traffic. This surge of traffic is generated through numerous compromised devices, typically forming a botnet. Consequently, the target system is incapacitated and unable to handle legitimate requests, causing a denial of service.
The group was founded by a known threat actor named Neferian, a former member of Anonymous who also operated a Twitter account for several months (Figure 2).
The Pursuit for Justice Continues
DDoS Empire’s takedown is another example of the efforts of the FBI, along with other law enforcement authorities and intelligence agencies, to hunt down cybercrime groups worldwide.
To do so, they will often look to arrest the operators and founders of the various groups, or to shut down their operations on the technical side, for example by taking down their infrastructure and compromising their databases. Even if the latter doesn’t necessarily lead to the arrest of these individuals, it often “buys” a hefty amount of time in which the group or its members go off the grid, which also leads to fewer victims.
About Cyberint
Cyberint’s impactful intelligence solution combines cyber threat intelligence, external attack surface management, brand protection, and digital supply chain intelligence into a single, powerful platform. By leveraging autonomous discovery of all of an organization’s external-facing assets, coupled with open, deep & dark web intelligence, the solution enables cybersecurity teams to accelerate the detection and disruption of their most pressing cyber risks. Global customers, including Fortune 500 leaders across all major market verticals, rely on Cyberint to prevent, detect, investigate, and remediate phishing, malware, fraud, brand abuse, data leaks, external vulnerabilities, and more, ensuring continuous external protection from cyber threats.