There are several theories and claims as to who might be behind the distributed denial-of-service (DDoS) attacks launched last week against DNS provider Dyn, but researchers believe the attacks were actually launched by script kiddies.
The DDoS attacks launched on Friday against Dyn’s managed DNS infrastructure caused disruptions for several major websites, including PayPal, Twitter, Reddit, GitHub, Amazon, Netflix and Spotify.
Experts have confirmed that the attack involved Mirai botnets, which have ensnared hundreds of thousands of Internet of Things (IoT) devices after the Mirai malware source code was leaked by its original author.
The hacker known as “The Jester,” who recently claimed to have defaced a website belonging to Russia’s Ministry of Foreign Affairs, said the Russian government was behind the attack on Dyn. WikiLeaks suggested that its supporters were responsible, and a group of hacktivists known as “New World Hackers” have also taken credit for the disruption.
However, researchers at Flashpoint believe the attacks on Dyn were not launched by state-sponsored actors, hacktivists or profit-driven cybercriminals. Experts assessed, with moderate confidence, that script kiddies, particularly members of the HackForums website, are responsible.
The security firm’s analysis revealed that the infrastructure used in the Dyn attacks was also leveraged to unsuccessfully target a major video game company.
“The technical and social indicators of this attack align more closely with attacks from the Hackforums community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivists, nation-states, and terrorist groups,” Flashpoint said. “These other types of threat actors are unlikely to launch such an attack without a clear financial, political, or strategic objective, and they are very unlikely to launch an attack against a video game company.”
“Participants in the Hackforums community have been known to launch DDoS attacks against video game companies to show off their credentials as hackers of skill, or to ‘troll’ and gain attention by causing disruption to popular services,” the company added.
Mirai botnets have been increasingly abused for DDoS attacks following the source code leak. Cybercriminals can create large botnets due to the fact that many DVRs, IP cameras and routers can be easily hacked.
One of the companies whose products have been abused in such attacks is Dahua Technology. Researchers warned that products using hardware and software components from China-based XiongMai Technologies are also susceptible to attacks due to hardcoded credentials and a Telnet service that is active by default. The Chinese vendor has announced plans to recall some of the vulnerable products.
Related: Sierra Wireless Rugged Gateways Targeted by Mirai Malware
Related: MITRE Offers $50,000 for Rogue IoT Device Detection

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
Latest News
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
- Consolidate Vendors and Products for Better Security
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
