Fronton: A Secret Russian Tool To Shut Down The Internet

Uploaded on 2020-03-24 in GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, INTELLIGENCE-Hot Spots-Russia, TECHNOLOGY--Hackers

A Russian hacker group calling itself 'Digital Revolution' claims to have breached a contractor for the FSB, Russia's national intelligence service, discovering compromising details about a project intended for hacking Internet of Things (IoT) devices. They claim to have revealed that Russia has new tools to shut down internet services by tapping internet-connected cameras and other smart devices.

That doe not only mean mean that FSB spies can penetrate mobile phones, laptop or even Internet-connected doorbells also meand that the Russian government has a new tool for creating a destructive DDoS-capable botnet. 

The new botnet tool was revealed in documents that give instructions for using a suite of hacking apps called Fronton, Fonton-3D, and Fonton-18. These botnets harness the computing power of millions of internet-connected things, direct them to spew random data at specific computers, and overwhelm vital services into uselessness. 

With millions of Americans currently teleworking during the COVID-19 pandemic, the United States has never been more dependent on the internet.

The Internet of Things, or IoT, is a term-of-art for the vast array of electronic products that connect to the internet, from refrigerators to medical equipment to automobiles. IoT vulnerabilities have long worried national security experts who say adversaries could exploit them to shut down entire sectors of digital capabilities and infrastructure. The documents say “An attack on national DNS servers can make the Internet inaccessible for several hours in a small country.”

The group Digital Revolution claimed to have obtained technical documents that detail a suite of hacking tools, Fronton, Fonton-3D, and Fonton-18 which incude the instructions for tapping into smart devices, including security cameras.

 Created in 2017 and 2018 by Russia’s FSB Information Security Center, the documents explain how to use the tools to make large botnet attacks on critical national services. According to screenshots of the Fronton backend, the botnet was capable of targeting Linux-based smart devices, which account for the vast majority of IoT systems today. This would have allowed it to target more than just smart cameras and NVRs.

Any device that has an Internet connection and a processor can be exploited. In an ideal world, all devices should be forced to go through some sort of network configuration before being used, rather than being exploitable from a default position.

Corero:          Defense One:         ZDNet:       Meduza

You Might Also Read: 

Disconnected: Russia Tests Its Own Internet:

A New IoT Botnet Storm Is Coming:

 

 

 

 

« How Effective Is Your Threat Intelligence?
Take Action On Cyber Security Training »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Wilson Sonsini Goodrich & Rosati (WSGR)

Wilson Sonsini Goodrich & Rosati (WSGR)

WSGR is the premier provider of legal services to technology, life sciences, and growth enterprises worldwide. Practice areas include cybersecurity and data protection.

SentinelOne

SentinelOne

SentinelOne is a pioneer in delivering autonomous security for the endpoint, datacenter and cloud environments to help organizations secure their assets with speed and simplicity.

SecuDrive

SecuDrive

SecuDrive, provides hardware encrypted external storage devices to protect a company’s sensitive and important data.

Lynx Technology Partners

Lynx Technology Partners

Lynx Technology Partners is a full service, full life-cycle risk-based security consulting firm.

Windscribe

Windscribe

Windscribe is a Virtual Private Network services provider offering secure encrypted access to the internet.

Digital Innovation Hub Slovenia (DIH)

Digital Innovation Hub Slovenia (DIH)

DIH Slovenia is a central hub providing services to grow digital competencies in areas including robotics, IoT, cyberphysical systems and cybersecurity.

HumanFirewall

HumanFirewall

HumanFirewall makes it possible for every individual to take part in securing their organisation. With HumanFirewall, achieving security has never been easier.

Zamna

Zamna

Zamna (formerly VChain Technology) is an award-winning software company building GDPR compliant identity platforms for the aviation industry.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

CYOSS

CYOSS

CYOSS, an ESG Group company, is a specialist in Cyber Security and Data Analytics. We focus on the opportunities of a networked world and make security risks manageable.

Trusted Security Solutions (TSS)

Trusted Security Solutions (TSS)

TSS are specialist in IT Security and providing Cybersecurity Solutions & Services combined with storage and backup.

Redington Group

Redington Group

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

Levio

Levio

Levio is a digital native business and technology consulting firm. As a true partner from start to finish, our goal is a long-lasting transformation that’s right for your business model.

PowerDMARC

PowerDMARC

PowerDMARC is a domain security and email authentication SaaS platform that helps organizations protect their domain name, brand, and emails against unauthorized use.

Harmony Intelligence

Harmony Intelligence

Harmony builds cutting-edge defensive AI products that safeguard people and critical infrastructure around the world from AI-powered threats.

ThingsRecon

ThingsRecon

ThingsRecon empowers organisations to continuously map and manage their attack surface, uncover hidden vulnerabilities, and assess supplier cyber hygiene.