Thursday, February 07, 2019

Historical OSINT - A Peek Inside The Georgia Government's Web Site Compromise Malware Serving Campaign - 2010

Remember the massive Russia vs Georgia cyber attack circa 2009? It seems that the time has come for me to dig a little bit deeper and provide actionable intelligence on one of the actors that seem to have participated in the campaign including a sample Pro-Georgian type of Cyber Militia that apparently attempted to "risk-forward" the responsibility for waging Cyberwar to third-parties including Russian and Anti-Georgia supporters.

How come? In this post I'll provide actionable intelligence on what appears to be a currently active Brazilian supporter of the Cyber Attacks that took place circa 2009 with the idea to discuss in-depth the tools and motivation for launching the campaign of the cybercriminals behind it.

Sample malicious URL known to have participated in the campaign:
hxxp://geocities.ws/thezart/

It's 2010 and I'm coming across to a malicious and fraudulent file repository that can be best described as a key actor that managed to participate perhaps even orchestrate the Russia vs Georgia cyber attacks circa 2009. Who is this individual? How did he manage to contribute to the Russian vs Georgia cyber attacks? Did he rely on active outsourcing or was he hired to perform the orchestrated DDoS for hire attacks that took place back then? Keep reading.

It appears that a Brazilian user known as The Zart managed to participated in the Russia vs Georgia cyber attacks circa 2009 relying on a variety of tools and techniques known as:

- DNS Amplification Attacks
- Web Site Defacement Tools
- Targeted Spreading of Vulnerable Legitimate Web Sites
- Automated Web-Site Exploitation - Long Tail of The Malicious Web

which basically resulted in a self-mobilized militia that actually participated and launched the Russia vs Georgia cyber attacks circa 2009.

Related posts:
The Russia vs Georgia Cyber Attack
Who's Behind the Georgia Cyber Attacks?
DDoS Attack Graphs from Russia vs Georgia's Cyberattacks
Real-Time OSINT vs Historical OSINT in Russia/Georgia Cyberattacks