A Russian hacktivist group calling itself “The People’s Cyberarmy” called on its members to target the American Democratic party website at https://democrats.org with DDOS (Distributed Denial of Service) attacks, as reported by Wordfence.
A post on their Telegram channel, “CyberArmyofRussia_Reborn”, which has more than 7,000 subscribers contained targeting instructions, and the channel contains links and instructions to downloadable DDOS tools.
The group itself uses fairly unsophisticated attack methods and does not have a high likelihood of succeeding at taking down the democrats.org site, as the attack instructions include an IP address for the site that is one of four Fastly CDN IPs. This indicates not only that the site itself already has DDOS mitigation in place, but that the attackers are targeting it in a way that is unlikely to achieve their goals.
While this group does not appear to consist of particularly skilled attackers and has until now primarily targeted Ukrainian websites, Google-owned cybersecurity firm Mandiant has noted that it has coordinated with the Russian state-sponsored threat group known as APT-28 in the past.
Skilled attackers frequently use the chaos caused by DDOS attacks as cover to gain or escalate access to a system, or to exfiltrate sensitive information. In this case, it is likely that the purpose of the attacks is simply to make a statement. While the attacks on the Democratic party website have not been successful at the time of publication, they appear to have added the website of the Mississippi secretary of state, who is currently a Republican, to the list of targets.
The fact that the target URL is an easily cacheable PDF file would make it significantly more difficult to successfully take down the site but the website at www.sos.ms.gov appears to be down at this time, indicating that the group is having considerably greater success. We expect ongoing attacks on local and regional government sites throughout election day and may update this post as more information becomes available.
